The city council of Riviera Beach, Florida has voted unanimously to pay $600,000 to criminals who seized control of the city's computers through a ransomware attack, after three weeks of being locked out of the city systems (the city has also voted to spend $1m replacing its computers).
Despite the fact that paying the ransom will enrich gangsters at public expense, the city is arguably getting a bargain. On May 8, the city of Baltimore was taken hostage by ransomware, and the city opted not to pay the ransom. City services have been paralyzed ever since, and they remain down, more than a month later, with millions in losses to the city.
Though ransomware has been around for years, it gained a new lease on life when an NSA superweapon leaked online. The NSA stockpiles vulnerabilities in widely used systems as a means of attacking its adversaries, and subscribes to an official doctrine called NOBUS ("No One But Us") whose premise is that no one in the world is smart enough to rediscover these defects or steal them from the NSA. The NSA is obviously very wrong about this.
I mean, obviously.
In the meantime, the NSA's recklessness has put us all at risk. If your data is locked up and you don't have a backup, your only option is probably to pay the ransom (you most certainly should not hire a "consultant" to recover your data or negotiate on your behalf, as these businesses are nearly as crooked as the ransomware criminals themselves).
Spokeswoman Rose Anne Brown said Wednesday that the city of 35,000 residents has been working with outside security consultants, who recommended the ransom be paid. She conceded there are no guarantees that once the hackers received the money they will release the records. The payment is being covered by insurance. The FBI on its website says it "doesn't support" paying off hackers, but Riviera Beach isn't alone: many government agencies and businesses do.
Florida city pays $600,000 ransom to save computer records [Terry Spencer/AP]