Pennsylvania Senate Democrats recover from ransomware - $700,000 paid

Pennsylvania Senate Democrats paid over $700,000 to recover their computer systems after last year's ransomware attack

After a ransomware attack back in March 2017, Pennsylvania Senate Democrats paid Microsoft over %700,000 to completely rebuild the IT networks

Pennsylvania Senate Democrats paid Microsoft a whopping $703,697 to repair its IT system after ransomware attack.

The incident occurred in March 2017^[1] and resulted in a complete computer and network being locked out. The lawmakers immediately contacted the FBI, which helped officials with the investigation. Not much information was released during the time, as the Federal Bureau urged the officials to hide any details that might hinder the case.

According to reports, bad actors demanded 28 Bitcoin (around $30,000 at that time). The senators found themselves in the situation that is very common to ransomware victims – resort to landline phones and paper. Nevertheless, Democratic Leader Jay Costa said at the time that they had a reliable backup which has not been compromised.

Pennsylvania Senate Democrats decided not to pay and instead rebuild the computer infrastructure from scratch. This cost taxpayers^[2] more than $700,000. Nevertheless, it is not the first time governmental institutions are being attacked for the money extortion, as shows Midland ransomware attack, NHS WannaCry^[3] outbreak, Buffalo, N.Y., hospital attack and many more.

High profile organizations and governmental institutions decline to pay

Pennsylvania Senate Democrats incident showed that organizations are not willing to pay the ransom, even if it will result in much larger sum for the complete recovery. Besides, the FBI urges victims not to pay, as there is no guarantee that the decryption key will be recovered from crooks. Several other institutions decided to start all over again and ignore hackers.

The Colorado Department of Transportation^[4] was hit by SamSam ransomware in February this year and spent around $1.5 million while working towards full recovery and fixing 2,000 machines.

In March, Atlanta city was hit by SamSam ransomware as well, and crooks demanded a payment of $51,000 for file release. Instead, the municipality decided to recover using backups, which cost them around $5 million. It is estimated that Atlanta will spend a further $9.5 million to recover from the attack completely.

The Erie County Medical Center in Buffalo, New York suffered from the same ransomware problem and made a drastic decision to rebuild the IT system without paying ransom as well. The medical institution laid out over $10 million in repair costs and had to shut down the operation for a few weeks.

Why not to pay?

The mentioned organizations decided not to pay ransom because the full recovery would still cost a lot. Additionally, compromised systems might stay vulnerable, resulting in further targeted attacks.

Some of the ransomware outbreaks are the result of cybercrime organizations attacks, such as Lazaro^[5] hacker group. These sophisticated hackers do not use spam email campaigns to spread ransomware (in such case, execution of one file might result in infection of company's network), but instead opt for more advanced propagation techniques like exploit kits, or inadequately protected Remote Desktop Protocol networks.

In general, security experts do not recommend paying ransom in case of a ransomware attack, be it home users or high-profile organizations. Instead, company leaders and IT specialists should concentrate on improved security measures and staff education on cybersecurity.