Industry websites and experts have monitored the New Bedford ransomware story, largely agreeing that in the wake of the incident the city seemed to have followed best practices in limiting the impact of the attack.
(TNS) — New Bedford's ransomware attack has gotten noticed in the world of information security.
The industry website Bankinfosecurity.com picked up the New Bedford story last week, quoting a cybersecurity executive who said the city seemed to have followed best practices in limiting the impact of the attack.
On Forbes.com, contributing writer and cybersecurity entrepreneur Zak Doffman wrote that New Bedford's response to a ransom demand of $5.3 million in bitcoin "has proven that the playing field can be levelled."
Mayor Jon Mitchell said he was reluctant to negotiate with the attacker, but decided to offer an insurance-covered payment of $400,000 — not just in case the city could get the decryption key, but also to buy time.
While the negotiation played out, the city bolstered its systems against potential follow-up attacks and assessed whether trying to restore them without a decryption key was advisable, Mitchell said in a Sept. 4 press conference.
When the attacker rejected the offer, the city opted to work toward restoring the systems with the help of consultants, rather than offer more ransom money.
Resisting the urge to pay is what many security experts and the FBI recommend. But the choice isn't always easy: To pay or not to pay?
"That's the hard decision, right?" said UMass Dartmouth's Lance Fiondella, an assistant professor and expert in computer engineering.
Meticulously calculating the value of the time required for recovery is important, he said. Only then can a city or organization determine if the ransom demand is high or low compared to the value.
But either way, Fiondella said, they should be aware that bitcoin is the currency of the dark web, used to pay for "everything from murder for hire to these types of extortion."
Jake Mazzola, a 2013 UMD graduate and co-founder of Blue Harbor Technology in Plymouth, said he was glad to hear the city didn't pay.
"At the end of the day, you don't know who you're paying," he said. "You could be funding terrorism."
Brett Callow of Emsisoft, a cybersecurity firm based in New Zealand, said New Bedford seems to have handled the technical response to the attack well, given that the city contained the ransomware quickly.
But the pay-or-not question should not be a run-of-the-mill business decision, he said. A ransom should only be paid when no other option for recovery exists.
"The only way to stop ransomware is to make it unprofitable," he said.
UMD's Fiondella said that as word spreads about ransomware attacks on municipalities, communities will want to make sure their governments are investing in information security.
©2019 The Providence Journal (Providence, R.I.). Distributed by Tribune Content Agency, LLC.