Atlanta City has been forced to spend $2.7m in the aftermath of a major ransomware attack in March, in another sign of the ongoing threat posed by this class of malware.
Hackers demanded the equivalent of over $50,000 in Bitcoin when they struck a couple of months ago, putting key systems out of action including apps citizens use to pay their bills and access court information.
Mayor Keisha Lance Bottoms is said to have claimed that paying the ransom was “up for discussion” although it’s unclear if any money changed hands.
However, local news reports now suggest that city officials have been forced to pay nearly $2.7m for eight emergency contracts.
These are said to include a $650,000 contract with SecureWorks to investigate and mitigate the initial damage caused by the attack, and two other contracts worth $1m with private companies to help with the city’s IT and court systems.
The city’s law department also signed a $600,000 contract with business consultants Ernst & Young, and Edelman PR's expertise was also sought for a hefty fee.
The revelations highlight the need for organizations to have effective and regularly tested incident response plans in place. Being caught unprepared can lead to excessive unplanned expenditure down the road, as the City of Atlanta has found out the hard way.
Ilia Kolochenko, CEO of web security company High-Tech Bridge, argued controversially that in this case it may have been a better move to pay the ransom.
“Spending 50 times more money to remediate the consequences of the attack, instead of investing the same money into prevention of further incidents, is at least questionable,” he added.
“Of course, when evaluating the possible avenues of ransomware responses, one should take into consideration all relevant factors and circumstances. However, in some cases, paying a ransom is the best scenario for a company and its economic interests.”
However, most experts will advise against paying up, especially as it only emboldens the black hats and may still not result in being able to regain access to corporate data.
A Trend Micro poll found that one in five UK organizations that paid up did not receive a decryption key.