Estimated reading time: 2 minutes, 15 seconds

What’s the Best Response to a Ransomware Attack?

A recent spate of crippling ransomware attacks on American cities has stoked a debate about how public and private organizations should address hacker demands.

Earlier this year, officials in Baltimore defied a $76,000 ransom demand. Meanwhile, two Florida cities coughed up a combined $1 million to hackers. So reports AFP. Baltimore is staring down a projected $18 million price tag to revamp its computer systems. The same hackers who hit Lake City and Riviera Beach, went on to launch a ransomware attack against the Georgia state court system.

There are arguments for and against paying the ransom, notes Cisco Talos Intelligence Group, in a blog post. As the example of Baltimore shows, paying up can be far cheaper, and smaller entities might not be able to afford the alternative. But, meeting ransomers’ demands only encourages them to strike again.

“At some point, all parties involved need to come together with lawyers and executive leadership, possibly including law enforcement, to determine the best course of action, basically to pay the negotiated ransom or not,” said Cisco Talos operations division director Nigel Houghton. “This is not a simple ‘never pay the ransom’ or ‘just pay the ransom’ resolution.”

The U.S. Conference of Mayors has come down on the side of not giving in to hackers’ demands. The group, which represents more than 1,400 cities with populations over 30,000, adopted a resolution at its meeting in late June and early July against paying ransoms after a cyberattack, reports CNET.

Already this year, hackers have paralyzed 22 city, county and state government computer systems with ransomware attacks, according to the resolution. Last month, following the Baltimore hack, Maryland Gov. Larry Hogan approved an executive order meant to boost the state’s cybersecurity. According to Fox Baltimore, officials plan to overhaul Maryland’s cybersecurity guidelines for the first time since 2013, and the order also urged the creation of a state cybersecurity cabinet.

A recent op-ed in The Hill noted the inability of smaller municipalities to shoulder the costs of robust cybersecurity and called for the federal government to provide resources. Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) recently introduced the Cyber Resiliency Act, which would set up a system of digital-support grants for state and local government. The op-ed authors, Liberty Ventures partners Kirsten Todt and Roger Cressey, argue that new legislation should go further.

The urgency of the ransomware question may only be growing. A recent Fortune headline warns, “Artificial Intelligence Is About to Make Ransomware Hack Attacks Even Scarier.” Hackers could reportedly use “deepfakes,” in which AI is used to put words in people’s mouths in videos, to deceive rank-and-file workers. AI and machine learning could also help ransomware attackers figure out which employees to target.

Read 2902 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.