US municipalities have reached a broad agreement not to pay ransomware criminals any more, but that hasn’t stopped at least one county coughing up after being hit by a ransomware attack.
At the 87th annual meeting of the United States Conference of Mayors (USCM), attendees warned that at least 170 county, city or state government systems had experienced ransomware attacks since 2013; 22 of them had been hit in this year alone, they added, singling out Baltimore, Albany and the counties of Fisher, Texas and Genesee, Michigan.
So, at their meeting in late June, they decided to take action and passed a resolution not to co-operate with online extortionists anymore.
“Now, therefore, be it resolved, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach,” its resolution said.
The USCM represents 1408 cities with populations of 30,000 or more. Each of those cities’ mayors is a member of the Conference, which speaks with “a united voice on organizational policies and goals,” according to its website.
However, LaPorte County, Indiana, isn’t represented on the USCM because it doesn't have a mayor. It has a County Board of Commissioners, and is a separate entity from the cities in the County. It is a member of the National Association of Counties, a US-wide organization that doesn’t have a resolution on ransomware.
That’s unfortunate for Travelers Insurance, which will reportedly now foot the lion’s share of a bill for a $130,000 ransom that LaPorte County decided to pay following a ransomware attack this month.
The County is said to have suffered a Ryuk infection, which spread to its backup servers and corrupted its files. It hit around 7% of the County’s laptops, and two domain controllers, meaning that no server could access network services.
Is it ever right to pay a ransomware demand? The FBI, Department of Homeland Security, and Canadian Cyber Incident Response Center all say no, but not everyone is so prescriptive. “It is a matter for the victim whether to pay the ransom,” according to the UK’s National Cyber Security Centre.