Atlanta paid nearly $3m to recover from ransomware attack

In March, the city of Atlanta was hit with a massive ransomware attack that took down critical systems, in many cases forcing officials to use pen and paper instead of email and digital records. The hackers had demanded $51,000 worth of Bitcoin, according to a report by Reuters last month, but the city apparently declined to pay it. Instead, it appears officials paid contractors substantially more to recover from the attack, a process that is ongoing.

The ransomware attack happened on March 22, leaving many agencies and officials without access to systems containing digital records, emails, and more. The hackers demanded a Bitcoin payment that would have been equivalent to $51,000 USD, but officials declined. The reason for turning down the ransom is unclear, as is whether they later attempted to pay it.

Some ransomware attacks involve an escalated ransom once an initial payment is made; it's possible that officials wanted to avoid wasting money on an initial ransom, only to later turn down a larger demand. Whether that would have happened is speculation, though, as a ransom was never paid.

However, some taxpayers are unhappy to discover that Atlanta ultimately paid millions of dollars to deal with the issue. According to a list of emergency procurements published on the Atlanta government website, officials paid large sums of money to several contractors, including SecureWorks and Pioneer Technology Group.

Adding up the figures, it becomes clear that Atlanta spent more than $2.5 million dealing with the issue, a figure that does not include any expenses beyond paying contractors. The revelation has raised a new and important question: should ransomware victims avoid paying ransom regardless of cost, or is there a threshold at which officials should give in to the demands?

Ransomware attacks have become increasingly common, impacting a variety of victims both big and small. Some companies have relented and paid the requested fees, sometimes to their benefit with the ransomware being disabled as promised. In early 2016, for example, a California hospital paid a bitcoin ransom to restore its systems after negotiating the ransom price down to around $17,000.

SOURCE: Reuters, Security Week