You’ve probably seen the Twitter posts over the past few days – while the attackers demanded approximately $55,000 in ransom, the city of Atlanta has spent nearly $2.7 million dollars in an effort to recover from the recent attack by the SamSam ransomware.
New: After a ransomware attack, Atlanta spent about fifty-times the ransom demand on recovering its affected network. Here's our story. https://t.co/jSztPYuJ3Z
— Zack Whittaker (@zackwhittaker) April 23, 2018
Worse still, some systems remain offline and lots of data has been lost forever. So what’s the lesson here?
We’ve seen a range of answers online, the most common of which has been, “Atlanta should have simply paid the ransom – look at how much money they could have saved!” This answer is, without question, wrong.
Imagine that you were in your home and intruder walks in and demands money. Times are tough so, you’ve decided to sell your doors. Paying the intruder may or may not make them go away, but the larger problem still remains – if anyone can simply walk into your home at any time, what’s to stop the event from happening again in the future? An immediate payment may address the immediate issue, it doesn’t solve the problem. Time to get some doors and locks.
Regardless of whether or not payment was made to the attackers, the vulnerable state of the City of Atlanta’s network meant that significant funds needed to be spent not simply to recover from this attack, but make future attacks more difficult. Said differently, Atlanta didn’t have a choice between paying the ransom OR paying these fees, administrators had to decide to pay at LEAST the cost of strengthening their systems and got to decide if they wanted to pay $55,000 on top of that in ransomware payments.
Don’t be convinced otherwise – and ask the people giving you that advise if they’d be comfortable without locks and doors on their homes and businesses.
The cost to make systems more robust would have been far lower had protections been put in place proactively. No need to pay for emergency public relations experts, surge IT professions or many other similar expenses. This is what you should take away from the Atlanta attack.
So what can you do to avoid such a huge expense? How do other cities, enterprises and small businesses avoid these massive expenses? How do you deal with this as traditional AV products increasingly fail in the face of ransomware?
Give us a shot. CryptoDrop works on endpoints to stop ransomware fast. Even if you have backups, remember that the time it takes to completely restore multiple machines can take days (and that’s if your backups are comprehensive). Stopping ransomware at the endpoint helps to prevent widespread damage, which could require days, weeks and potentially millions of dollars of damage. Don’t believe me? Ask Atlanta.
Give CryptoDrop a shot. We Stop Ransomware.