Atlanta spent $2.6 million to recover from ransomware

The Accordion system converts an ordinary external HD into a NAS box and enables you to back up data using any USB-based storage device, whether it is RAID, SATA, ATA, IDE, SSD, or even a CF card. The Accordion backup appliance is a self-contained device that can utilize any external storage for backing up data. You can utilize excess storage on existing workstations or servers, existing NAS storage, or any USB-based storage device. Accordion is agnostic when it comes to where it backs up to or what technology is used for backup.



     THE CITY OF Atlanta spent more than $2.6 million on emergency efforts to respond to a ransomware attack that destabilized municipal operations last month. Attackers, who infected the city's systems with the pernicious SamSam malware, asked for a ransom of roughly $50,000 worth of bitcoin. Atlanta officials haven't said whether they paid the ransom, or even tried, but it seems that they may not have even had the chance; the attackers quickly took the payment portal offline, and left the city to fend for itself. So far, the recovery has been far more costly than the initial demand.

     The Atlanta Department of Procurement lists eight emergency contracts initiated between March 22 and April 2 with a total value of $2,667,328. Most of the expenses were related to incident response and digital forensics, extra staffing, and Microsoft Cloud infrastructure expertise, presumably all related to getting back the systems that the hackers had frozen. The city also spent $50,000 on crisis communications services from the firm Edelman, and $600,000 on incident response consulting from Ernst & Young.




     The security and law enforcement communities generally discourage victims from paying ransoms, on the grounds that it will only encourage attackers, but the decision is not so clear-cut. It complicates matters further that attackers intentionally set their ransom prices at a level they think victims can afford. They want to maximize how much they walk away with, while still offering a "bargain" to targets versus doing the work to rebuild systems and restore from backups. The US government "does not encourage paying a ransom to criminal actors," the FBI notes in a "Ransomware Prevention and Response" document. However, after systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees, and customers. Victims will want to evaluate the technical feasibility, timeliness, and cost of restarting systems from backup.

     Every situation has its own financial and ethical calculus. In Atlanta's case, refusing to pay and investing in remediation will likely improve Atlanta's cyberdefenses for the long term. But paying the premium to make these improvements during a crisis burned through taxpayer dollars that could have been spent elsewhere. And while the bill seems high, it's actually not entirely out of line for remediation on this scale. "What Atlanta paid is maybe not a bargain, but I think they probably did pretty well," says Chris Duvall, senior director of The Chertoff Group, which specializes in risk management. "We had a private sector client, a relatively small company that was about $60 million in revenue, they ended up paying about $3.1 million after a ransomware attack, because they had all the incident response, plus insurance claims, privacy monitoring, and contractual hits for missed services. It can be very expensive, and defense is not an easy thing."



     Though a municipality doesn't have the specific obligations of a private company, it still has plenty of crucial considerations and costs. Atlanta's ransomware attack impacted five of the city's 13 local government departments, and disrupted many functions people rely on every day, including the Police Department records system, infrastructure maintenance requests, and the judicial system. The attack also hindered revenue collection; residents weren't able to pay their water bills for days. Paying the ransom up front might have saved the City of Atlanta time and money, and on paper would have cost several orders of magnitude less than the eventual cure, but it's not quite as simple a call as it seems. City officials had no guarantee that attackers would actually release their systems upon payment. And even if the hackers did decrypt the infected devices, the city's digital infrastructure could still have been weakened by the attack. There is also evidence that Atlanta was behind on addressing known vulnerabilities in its networks, so seizing the ransomware attack as an opportunity to invest in proper defense may offer more assurance that things have improved than simply paying a ransom and continuing to put off substantive upgrades.

     Though it's tempting to say that it's worthwhile to take the easy savings by paying ransoms, experts are reluctant to ever recommend it. Instead, they emphasize that investing in software updates, backups, and network segmentation now can genuinely pay off for institutions later if they are targeted by ransomware. Ransomware only works if people are actually paying, and that money could instead go a long way toward actually fixing your stuff beforehand.