The saga started as with most ransomware events – someone clicked on a link in an email. With Riviera Beach, this meant that simple computer use was messed up, 911 calls were not recorded correctly, and the water utility systems went offline. Faced with a demand for a $600,000 ransom, the city initially decided to simply buy new computers for $941,000. Since then, they’ve reconsidered and voted to just pay out the ransom. And it seems that an insurance policy will pay for about half of this.
This – and two other recent ransomware cases – highlight the good, bad, and the ugly ways to handle this sort of situation.
The Good – and it is NOT the city of Riviera Beach. It is Norsk Hydro, the global aluminum processor. While knocked offline this March and with some production and logistics taking a hit, the company has gotten favorable reviews for both its quick response and its disaster planning made beforehand.
The Bad – Riviera Beach takes the award for this. Sure, they will (probably) get back online more quickly, but it is still not sure that they will manage to get back the missing data. They have just incentivized the bad guys to do advanced research on small municipalities and construct targeted phishing emails. It also is not clear if the city is doing any planning to prevent this type of event from happening again.
The Ugly – The City of Baltimore is believed is expected to lose over $18 million as a result of the May attack of the RobbinHood ransomware. The city refused to pay a ransom of 13 bitcoin (around $76,000) to unlock the impacted computers and allow users to regain access to their files. While the city reportedly had some backups, they lacked a disaster recovery plan. More than a month afterwards, city operations are still not totally functionally.
Ransomware involves choices – and non of them particularly pleasant. The FBI recommends never paying the ransom. Forresters says that paying might be “a valid recovery option.” And it seems that Baltimore really did not know what to do. What do you think you will do — if or when a ransomware demand hits?
Whether a city, business, or an individual, ransomware demands people make some choices. Here are four choices you should be making: