Ransomware
operators have targeted more American intitutions than ever this year,
including state and local government systems, school districts, healthcare
facilities and other entities. And with the payouts circulated in the news,
it’s hardly a surprise that their appetite keeps growing. While government
officials scramble to strengthen their cybersecurity, taxpayers are angry.
A recent wave of ransomware attacks on state-owned infrastructures across the US has taxpayers up in arms over local officials’ handling of the situation. For example, two cities in the state of Florida – City of Riviera Beach and Lake City – paid a combined $1 million in June to ransomware operators to regain access to their municipal systems. And ransomware attacks across the nation are crippling medical offices and school systems just as the school year starts.
Nearly 80%
of citizens across the US are increasingly worried about ransomware attacks on
cities, according to a survey by Morning Consult on behalf of IBM. Taxpayers see ransomware
as a threat to their personal data and their city’s data. Nearly 60% of those
surveyed are against their local governments using tax dollars to pay ransom
and would prefer their city face higher recovery costs rather than use tax
dollars to pay the ransoms.
While the public’s stance is laudable, recovering from a ransomware incident can cost anywhere between $20,000 and $20 million. Atlanta paid $17 million and Baltimore spent $18 million to recover from a ransomware contagion after refusing to succumb to the attackers’ ransom demands. Considering that attackers typically demand around $400,000 for the decryption keys, it is perhaps no surprise that many local governments decide to pay.
According to
the same study, just under half of respondents believe protecting cities from
ransomware is the federal government’s job, above state and local decision
makers. And 90% are in favor of increasing federal funding to improve
cybersecurity in cities.
A recent
study by The Harris Poll ended with similar findings: Americans
won’t vote for candidates who approve ransomware payments. Asked to
elaborate, 86% reasoned that, when organizations make ransomware payments, they
encourage cyber criminals to strike again, a stance shared by cybersecurity
experts.