Hackers demanded the equivalent of over $50,000 in Bitcoin when they struck a couple of months ago, putting key systems out of action, including apps citizens use to pay their bills and access court information.
Mayor Keisha Lance Bottoms is said to have claimed that paying the ransom was “up for discussion”, although it’s unclear if any money changed hands.
However, local news reports now suggest that city officials have been forced to pay nearly $2.7m for eight emergency contracts.
These are said to include a $650,000 contract with SecureWorks to investigate and mitigate the initial damage caused by the attack, and two other contracts worth $1m with private companies to help with the city’s IT and court systems.
The revelations highlight the need for organizations to have effective and regularly tested incident response plans in place. Being caught unprepared can lead to excessive unplanned expenditure down the road, as the City of Atlanta has found out the hard way.
“Spending 50 times more money to remediate the consequences of the attack, instead of investing the same money into prevention of further incidents, is at least questionable,” he added.
“Of course, when evaluating the possible avenues of ransomware responses, one should take into consideration all relevant factors and circumstances. However, in some cases, paying a ransom is the best scenario for a company and its economic interests.”
A Trend Micro poll found that one in five UK organizations that paid up did not receive a decryption key.