City of Florida proves the ransomware business case

The City of Florida, having agreed to spend $1 million (about £790,000) on new IT infrastructure after hackers captured its systems three weeks ago, has now agreed to pay $600k to regain access to those systems.

The ransomware was apparently downloaded after one employee clicked on a malicious email link.

And it proves the business case for the scammers, doesn’t it?

Crafting a smart phishing email, releasing it on a widespread basis to a database of email addresses purchased on the dark web and waiting until someone somewhere clicks on a link is not exactly a high-investment, high-risk business – and the returns are extremely good.

CBS even says that the best solution to a ransomware attack is paying the ransom!

A $600k payoff means that there will be more and more phishing attacks, and more and more compromised IT systems – all because complacent managements assume that it can’t or won’t happen to them.

The CEO of a US hospital, one that is now grappling with cyber-crippled systems, said: “Oh, those poor folks. I’m glad that’s never going to happen to us.”

And now it has.

And it costs money – not just the ransom payment but also the collateral damage and disruption, operations postponed and critical medical information that’s made unavailable.

It’s astonishing that every organisation doesn’t mandate anti-phishing staff awareness training, updated on at least a quarterly basis. It’s astonishing that every organisation doesn’t assess and re-assess cyber security risk on at least a quarterly basis.

Perhaps they should be doing it even more frequently. Cyber criminals are assessing and re-assessing cyber crime opportunities on a daily basis.

Time for management around the world to get with the programme!