Over 225 mayors across the US have backed a resolution to not pay ransoms to hackers, as reported by The New York Times. The resolution, titled “Opposing Payment To Ransomeware Attack Perpetrators,” states that the mayors stand “united against paying ransoms in the event of an IT security breach.”
The resolution came out of the annual US Conference of Mayors, which took place in Honolulu from June 28th through July 1st. According to the statement, at least 170 county, city, or state government systems have been targeted by ransomware attacks since 2013. These attacks use malware programs that render systems inoperable, with the hacker(s) usually demanding payment in the form of cryptocurrency in exchange for restoring systems.
The resolution comes after nearly two dozen US cities were hit by ransomware attacks this year, including Lake City, Florida, which authorized a payment of 43 bitcoins to a hacker in order to regain access to its phone and email systems. Another recent, high-profile attack began in Baltimore in May, which shut down essential city systems via a phishing email. The hackers responsible demanded 13 bitcoins (around $76,280 at the time, and now estimated at around $151,599) from the city. But Sheryl Goldstein, the mayor’s deputy chief of staff for operations, was advised by the FBI to not pay the ransom because “we would bear much of these costs regardless.” It’s estimated that the attack has cost the city at least $18 million.
Baltimore Mayor Bernard C. “Jack” Young sponsored the measure at this year’s conference, saying in a statement on Wednesday, “Paying ransoms only gives incentive for more people to engage in this type of illegal behavior.”
The US Conference of Mayors represents 1,407 cities, each with a population of over 30,000. A universal stand against paying bad actors is aligned with the recommendation from the FBI, and it could discourage future attacks against the cities whose mayors have backed the measure.