Three hundred thousand dollars is a pretty penny to pay.
But it looks like the City of Florence, Alabama, thinks it's worth it.
Ransomware attack hits Alabama municipality
After getting confirmation of a cyberattack on the city computer system, officials in the City of Florence were quick to act.
So quick, in fact, that the damage from the attack was unclear. WHNT News 19 covered the details and how Brian Krebs was involved:
"At the time, it didn't appear that any information was lost, stolen, or compromised Mayor Steve Holt said. However, on Tuesday, independent investigative journalist Brian Krebs released an article on his website stating that ransomware had been deployed and that the intruders are demanding nearly $300,000 worth of bitcoin."
The ransomware that hit the city network is called DoppelPaymer, whose operators typically exfiltrate data as well as encrypt it. They then threaten to publish the data unless a ransom demand is paid.
And according to an outside agency advising the City of Florence, the DoppelPaymer ransomware gang has a reputation for keeping their word and not releasing information after a ransom has been paid.
The vote from city officials? Unanimous: pay the ransom, using money from the City of Florence insurance fund.
But that's not all. They're also asking the hackers to provide a "proof of concept."
"We're having to approach it from the standpoint that we're going to have to assume—we know they have some of our information, we don't know that they have our critical information, frankly don't think they do but we don't know," Mayor Holt said.
Mayor Holt said the next step in the investigation is for DoppelPaymer to give the city proof that they will delete the stolen information.
What happens if you pay a hacker's ransom?
Ransomware: to pay or not to pay?
That is a question of much debate in the cybersecurity community. From security professionals to government officials, many have differing opinions on the concept of handing money over to cybercriminals.
In a conversation with Gretel Egan, Security Awareness and Training Strategist at Proofpoint, SecureWorld discussed the 2020 State of the Phish report.
Ransomware payments are an important part of the research, which Egan explained:
"We did find that more than 50% of those who had an infection decided to pay. Among those people that did decide that they were going to roll the dice and negotiate with attackers, a lot of them had a positive outcome. Nearly 70% got their data back following a ransom payment."
But not all ransomware stories have a happy ending, Proofpoint found:
"That might comfort people on some level, but that still leaves a significant chunk of people who spent money and did not get back what they expected to. More than 20% made the payment and never got access to their data, and then about another 10% had a follow-up demand that came back to them after making initial payments."
Not only is ransomware a roll of the dice, it's also a wager of reputation, according to Egan:
"Think about what it means to be flagged as a payer. We know that cybercriminals share information amongst themselves. So it's really critical to think about what that implication is down the road if word gets out that you're someone who is willing to pay a ransom."
We've also seen a series of reports which indicate that ransom demands are often five figures and increasingly becoming six and even seven figures.
For some organizations, that may be justifiable to keep proprietary or embarrassing information from being published by hackers, and to be able to recover and resume operations.
The DoppelPaymer ransomware operators recently hit a third-party vendor of Boeing, Lockheed Martin, SpaceX, and Tesla, and published data for the world to see after the vendor refused to pay the ransom.
