In June 2019, Riviera Beach in Florida found that they had lost access to their own data. This wasn’t any normal data loss, though, but instead what is becoming more common: a ransomware attack. According to the Federal Bureau of Investigation, a new organisation is targeted by ransomware every 14 seconds.
The ransomware attackers were demanding $600,000 to allow Riviera Beach to get their data back. The FBI advised the city council not to pay it, but they decided to ignore that and pay out. More than half of the sum was covered by the city’s insurance policy.
The city has an IT department of 10 people, with an annual budget of $2.5 million to support a government of 550 employees. Given that half of the demands were covered by insurance, and that a full recovery might have cost up to three times the total amount, it’s no shock that they decided to pay out. On the surface, at an immediate financial level, it was the easiest decision to make – and one that many local governments and businesses have made in the past.
The problem is, that decision comes with many downsides. Riviera Beach were attacked because a police department employee clicked on a phishing email link. That vulnerability still exists and will need to be patched. There’s no guarantee that the data hasn’t been stolen from the network regardless of recovery. It’s also highlighted that the city can’t effectively protect itself or recover – making it a prime target.
The landscape of ransomware is changing. It used to be opportunistic, attacking hundreds of thousands of users at one time. However, it became difficult for the attackers to manage. They would send samples of the files to users, to prove their access, but the constant back-and-forth chats and minimal payments didn’t convert into a worthwhile payout.
Instead, many attacks are now targeted at specific organisations that are more valuable and more likely to pay. Some have demanded payments in the millions. Communications are now handled by email, rather than using a Tor-based web panel, making it simpler to keep everything quiet.
Riviera Beach spend most of their IT budget on desktop and printer support, with some internal hosting of systems and sites. Unfortunately, their disaster recovery was more concerned about hurricanes and they used off-site mail hosting. In short, they were not in the best position to be in when hit with a ransomware attack.
This position is not uncommon for organisations and governments of all sizes. Many are unable to justify the expense of the protection. Offsite backup is a form of insurance that many skip when judging it against the bottom line. But when you consider how much it can cost to successfully recover from a ransomware attack, or unfortunately have to pay off the attackers, skipping it doesn’t seem so great after all. Organisations need to pull their socks up and get their IT operations into the modern age because otherwise unscrupulous people will continue to cash their cheques without a fight.
The Cost of Not Protecting Against Ransomware