How long could your organization continue to operate without its core servers? Could you last two weeks? The the city of Baltimore, MD has been without its email and payment processing services since May 7th after refusing to pay the nearly $100K bitcoin ransom demanded by the hackers that “kidnapped” their systems. In case you are one of the few people left on earth who are unfamiliar with the scourge known as “ransomware”, it’s basically a form of extortion where hackers gain access to an organizations computers and lock everyone out by encrypting the files which can then only be unlocked and made usable again by paying for a digital key.
Should you pay the ransom?
This is, pun intended, the (sometimes) million dollar question that is difficult to answer and is often situation dependent. From a security and law-enforcement point of view, authorities typically recommend not paying the ransom, but from a purely financial and technical vantage, the answer isn’t necessarily “no.” Case in point: when the city of Atlanta refused to pay a $50K ransom to unlock its hacked computers, it ended up costing them $17M to fix. With Baltimore’s payment processing unavailable, the city was unavailable take payments for parking tickets, utility bills, and process real estate sales, which likely results in huge operating shortfalls, on top of having to pay security and technology consultants a great deal of money to restore systems and data that were permanently destroyed by the ransomware attack.
Unfortunately there isn’t a security system or platform that is impervious to malware attacks, primarily because the large majority of successful hacks are the result of human error versus technical failure. And one of the biggest errors that can be avoided is making the mistake of not properly backing up your critical data and systems, which, as you might have guessed is probably the best defense against these types of attacks. Ransomware attacks can seem crippling, but with the proper backups and contingency planning, most organizations can recover quickly without having to consider the prospect of paying a ransom.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net
[…] county or state governments, including the high-profile incident in Baltimore which I wrote about back in May of this year which has thus far resulted in $18 million in remediation costs and lost revenue. Not […]