In an effort to “de-incentivize” hackers attacking municipalities with an increasing amount of ransomware the U.S. Conference Mayors issued a resolution to stop paying ransoms.
At least 170 county, city, or state government systems have experienced a ransomware attack since 2013, and that 22 of them had occurred so far this year, the mayors’ organization noted. Also, ransomware attacks cost governments “millions of dollars and lead to months of work to repair disrupted technology systems and files,” the mayors said in the resolution.
Law enforcement typically recommends victims not pay ransom to recover files and computer networks . The thinking is that payment can result additional, future attacks – and does not guarantee that locked up files actually would be recovered.
ZDNet noted ransom attacks on municipalities continue, with one discovered this week in the city of Richmond Heights, Ohio.
Part of the problem is that governments lack robust data backup systems and pay to try to quickly restore services, ZDNet said.
Ransomware’s greater costs come, however, when municipalities are forced to rebuild some or all of their systems – an expensive, time-consuming task. Stories abound of Baltimore residents’ home sales hung up for weeks after a May ransomware attack because the city’s real estate systems were unavailable, for example.
And some of Baltimore’s systems are still being rebuilt, weeks after the attack. The city hopes to mail water bills finally in early August, for example.
The mayors’ conference issued their anti-ransom payment resolution along with one supporting the “State Cyber Resiliency Act” currently proposed in Congress.
The proposed act, introduced in both the House and Senate this spring, would provide grants to state and local governments to support the development and implementation of stronger cybersecurity and network resiliency in municipal technology systems.