Public organizations and local government bodies are the new favorites of ransomware operators. This year we have seen how they have held hostage the municipality system of Atlanta for days. Apart from large-scale attacks, they are constantly targeting the networks of public schools and local counties.
In a recent cybersecurity conference held in Washington DC, Mark Foster, assistant manager of Mecklenburg County, North Carolina revealed that they were going to pay the attackers for ransomware removal when the county’s networks were hit by a cryptovirological attack in December last year.
Foster told the attendants that the initial hours following the attack were really critical when they had almost decided to pay extortion money to recover their files. It is natural to get panicked right after a cryptovirological attack, particularly when it hits a system that deals in the public domain. However, after a quick assessment from the cybersecurity officials of the county, the administration reassessed the decision of ransom payment and settled on to go with in-house ransomware removal measures.
Data Backups Saved Mecklenburg From Paying the Attackers
It is important to mention that extensive data backup management from the county protected them from yielding to the demands of the attackers. According to foster, they devised a crisis team right away to commence ransomware removal activities. The team shut down the servers and started the recovery of the locked down data from the backups.
As per Foster, for a while, they had to resort to pen and paper to do their work. But it didn’t continue for long because of the successful ransomware removal activities of the county’s cyber team.
Paying Ransom is not the Solution
Mecklenburg County completely acted according to the ransomware attack guide of the FBI. The attackers asked $23,000 in Bitcoin for ransomware removal. But the administration refused to engage in the unlawful and untrustworthy transaction. Instead, they spent more money to disinfect and restore their systems.
Security experts and the FBI have repeatedly warned against the payment of ransom following a cryptovirological attack because it doesn’t guarantee anything.