As city after city has remitted hundreds of thousands of dollars to pay off ransomware criminals who hijacked their crucial systems, the US Conference of Mayors had unanimously adopted a resolution to never pay these ransoms again, on the basis that these payments "encourage continued attacks on other government systems, as perpetrators financially benefit,"
I'll be interested to see whether this holds up. When Baltimore decided not to pay the ransom, the city was knocked offline for months and lost millions and millions. Are cities really going to opt to pay millions to avoid paying thousands? After all, the companies that claim they can get your data back without paying the ransom are fraudsters who secretly pay the ransom and charge you a markup.
The resolution does not include any censure for the NSA, whose leaked cyberweapon is behind the ransomware epidemic. The NSA decided to keep a flaw it discovered in Windows a secret so that it could exploit the defect to attack its enemies; in not reporting the bug to Microsoft, the NSA was betting that no one else would ever discover it and that it wouldn't leak (the name for this doctrine is NOBUS: "No One But Us" will ever wield this weapon).
They were wrong.
Opposing Payment To Ransomeware (sic) Attack Perpetrators
1 WHEREAS, targeted ransomware attacks on local US government entities are on the rise; and
2 WHEREAS, at least 170 county, city, or state government systems have experienced a ransomware attack since 2013; and
3 WHEREAS, 22 of those attacks have occurred in 2019 alone, including the cities of Baltimore and Albany and the counties of Fisher, Texas and Genesee, Michigan; and
4 WHEREAS, ransomware attacks can cost localities millions of dollars and lead to months of work to repair disrupted technology systems and files; and
5 WHEREAS, paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit; and
6 WHEREAS, the United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm,
7 NOW, THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.
2019 Adopted Resolutions [87th Annual Meeting of the US Conference of Mayors]
US mayors group adopts resolution not to pay any more ransoms to hackers [Catalin Cimpanu/Zdnet]
(via /.)
