Hackers demanded the equivalent of over $50,000 in Bitcoin when they struck a couple of months ago, putting key systems out of action including apps citizens use to pay their bills and access court information.
Mayor Keisha Lance Bottoms is said to have claimed that paying the ransom was “up for discussion”, although it’s unclear if any money changed hands.
However, local news reports now suggest that city officials have been forced to pay nearly $2.7m for eight emergency contracts.
These are said to include a $650,000 contract with SecureWorks to investigate and mitigate the initial damage caused by the attack, and two other contracts worth $1m with private companies to help with the city’s IT and court systems.
The revelations highlight the need for organizations to have effective and regularly tested incident response plans in place. Being caught unprepared can lead to excessive unplanned expenditure down the road, as the City of Atlanta has found out the hard way.
“Spending 50 times more money to remediate the consequences of the attack, instead of investing the same money into prevention of further incidents, is at least questionable,” he added.
“Of course, when evaluating the possible avenues of ransomware responses, one should take into consideration all relevant factors and circumstances. However, in some cases, paying a ransom is the best scenario for a company and its economic interests.”
However, most experts will advise against paying up, especially as it only emboldens the black hats and may still not result in being able to regain access to corporate data.
A Trend Micro poll found that one in five UK organizations that paid up did not receive a decryption key.