Atlanta Projected To Spend At Least $2.6 Million on Ransomware Recovery

Atlanta is setting aside more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city's online services. ZDNet reports: The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildy fluctated in price. But the ransom was never paid, said Atlanta city spokesperson Michael Smith in an email. Between the ransomware attack and the deadline to pay, the payment portal was pulled offline by the ransomware attacker. According to newly published emergency procurement figures, the city is projected to spend as much as 50 times that amount in response to the cyberattack. Between March 22 and April 2, the city budgeted $2,667,328 in incident response, recovery, and crisis management.

Ouch

[Errol+backfiring]

That's a lot of money to restore a backup.

Re:Ouch

[Opportunist]

For 26 millions I'd assume all this and a few things more, yes.

Re:Ouch

[msauve]

If you think making trite comments indicating a shallow understanding of the subject makes you clever, it doesn't.

Re:Ouch

[Wycliffe]

A company can have a 100% backup solution and it may still be worth their while to pay the ransom.

Yes, assuming you can trust the criminal, it could possibly be cheaper but you should NEVER pay a ransom. It only open you and everyone else up for more ransom. I would much rather see paying ransoms outlawed and the government require everyone to carry ransom insurance and then have the insurance company pay to fix the problem. The advantage of this approach would be that if the insurance company pays for the recovery it reduces the incentive to pay the ransom and hopefully ransomware disappears. If we want ransomware to disappear, we need to make sure that it's cheaper and easier to not pay a ransom than it is to pay a ransom so that noone is tempted to pay a ransom. Another alternative is to make sure that the penalty for paying the ransom is so severe that noone is tempted.

even if they had paid

[bugs2squash]

Even if they had paid the ransom they would still need to fix the security holes though, so at least some of the extra expenditure is well justified.

Re:even if they had paid

[sl3xd]

I also remember seeing that the majority of those that pay ransomware are unable to recover data anyway.

Paying the ransom does only two things:

1. Encourages more ransomware, as it "works" as a business model
2. Would cost Atlanta another 55,000 in addition to the $2.6+ M to fix the problem.

Re:Solution

[Opportunist]

...said the lawyer.

The problem is that you can sue someone into oblivion (usually a ltd company that goes *poof* the moment you try to squeeze money from it) means jack shit when your whole administration grinds to a halt and you can't get anything done sensibly anymore, constituents get REALLY pissed at you and vote the other guy in next time.

Who then gets your job AND whatever they can squeeze from the husk. Well done. Really. *golfclap*

Re:Good to hear it works.

[UnknownSoldier]

This reminds me of a similar saying in the motorcycle world:

It is not a matter of IF you will wipe but WHEN you will wipe.

As a result we have the acronym: ATGATT: All the gear, all the time.
i.e. You don't wear gear for the 99.99%, but for that 0.01% of the time.

Bringing this back on top: It doesn't matter how fast you can do backups if your restore procedure is completely botched! You DID test it, right?

Re:The price of using Windows,

[sl3xd]

Nah, the time to switch to Linux was before Windows 10 started pushing upgrades which remove critical drivers.

In the past few weeks I've multiple fixed family & friend computers which were horked by Windows 10 Update deleting the SATA drivers, followed by input device drivers.

Who needs ransomware when Microsoft is bricking its user's computers?