US mayors agree not to pay ransomware

The US Conference of Mayors has unanimously approved a resolution not to pay any more ransom demands to hackers if their cities fall victim to ransomware.

The official organisation that represents US cities with populations of at least 30,000 adopted the resolution at the 87^th annual meeting in Honolulu.

According to the resolution, at least 170 county, city or state government systems have been compromised by ransomware since 2013, with 22 of these attacks occurring in 2019 alone.

Paying ransomware attackers encourages continued attacks on other government systems, and ransomware attacks can cost localities millions of dollars and require months of work to repair disrupted technology systems and files.

The resolution is not legally binding but will be used to inform individual cities’ cybersecurity policies.

US cities have in some cases coughed up large sums to resolve ransomware attacks. But statistics suggest that government agencies are already less likely than private-sector companies to pay attackers.

Analysis from threat intelligence company Recorded Future indicates that only 17.1% of US state and local government entities falling victim to ransomware definitely paid the ransom, and 70.4% confirmed that they did not pay the ransom. By comparison, CyberEdge estimates that 45% of organisations across all sectors hit with ransomware pay the ransom.

The analysis also indicates that most ransomware attacks on state and local government systems are crimes of opportunity rather than targeted attacks. But once attackers realise they are in a government system, they take advantage of this by targeting the most valuable or sensitive data to encrypt.

Image credit: ©stock.adobe.com/au/ArtemSam

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.