After suffering a massive ransomware attack in March that left many vital systems inoperable, Atlanta still hasn’t made a full recovery. The culprits behind the attack demanded a $51,000 ransom in Bitcoin for each system that was locked, and the city still needs another $9.5 million to complete its recovery.
This puts the local government of one of the most prosperous cities in the American South in a difficult situation. If it pays the ransom, it sends a message to hackers that their methods truly are effective and encourages them to continue infecting government computers.
Refusing to pay the ransom, however, might be even more expensive than simply paying it. There’s no ballpark figure, but the amount of data that a large local government like Atlanta keeps in its data centers could be worth more than the ransom the hackers want.
In this situation, there’s also the question of prevention. What could Atlanta do to make sure that its systems won’t fall victim to another attack of this magnitude?
“I think that the true problem is not ransomware. The problem is unreliable, overcomplicated and insecure-by-design IT architecture. Segregation of duties, data and network access control, proper segmentation, daily backup, desktop hardening, anomaly detection are, de facto, a must-have in any modern company or governmental entity. Apparently, none were in place,” said Ilia Kolochenko, High-Tech Bridge’s CEO.
The silver lining in all of this is that hackers are beginning to shift to cryptocurrency mining malware, reaching higher potential earnings from individuals and companies than they would with ransomware.
Even the most recent reports we are getting point to a migration from ransomware to “cryptomining malware” as an attack vehicle.
Although this is true, there’s still reason to believe that some hackers will try their luck demanding ransom from governments, as they’re the most vulnerable to this kind of attack.