Opposing view: CEOs pay. Mayors should have the option.
It’s easy to say cities shouldn’t pay ransoms, but municipal governments cannot operate without their computer networks. Being out of commission for weeks is not a viable option for many city government departments.
Of course, when corporations or governments are hit with ransomware, it is an indicator that they have not been adequately funding information technology security. Ransomware is a form of Darwinian selection, afflicting the least capable.
The excuse that “we don’t have the money” for IT security is a bit like saying “we can’t afford electricity.” IT security is a cost of doing business, but if you failed to pay the price, it might be too late now that you have been hit by an attack encrypting your system.
Giving money to criminals to get your network back could be the only other option. Trying to recreate scores of data bases from backups may take weeks and be less than fully successful.
Ransomware criminals typically demonstrate “honor among thieves” and give the network back when you pay. If they didn’t, no one would ever pay again.
Thousands of corporations have seen the logic of paying the ransom. They just do so quietly and quickly. We cannot deny mayors the option CEOs have so frequently chosen.
We can, however, tell mayors that you have already failed once if your network got encrypted by ransomware: Don’t let it happen again. Secure your network. And if you haven’t been hit yet by ransomware, don’t be overconfident it won’t happen. Securing networks is a continuous process.