Numerous big cities across the United States have fallen victim to ransomware attacks costing the municipalities tens of millions of dollars to recover. While some city administrators refrain from giving in to extortion demands, most end up paying in exchange for the decryption keys. Seeing how ransomware operators are showing no signs of stopping, city mayors have decided to stop giving in to extortion demands.

At the 87th annual meeting of the US Conference of Mayors this week, participating mayors from various big metropolises unanimously adopted a resolution not to pay any more ransom demands following a ransomware infection.

Acknowledging that targeted ransomware attacks on local US
government entities are on the rise, with 22 such attacks occurring so far in
2019, US city mayors have had enough.

“Ransomware attacks can cost localities millions of dollars
and lead to months of work to repair disrupted technology systems and files,”
they said.

“Paying ransomware attackers encourages continued attacks on
other government systems, as perpetrators financially benefit,” the resolution
adds. “The United States Conference of Mayors has a vested interest in
de-incentivizing these attacks to prevent further harm.”

The resolution is well founded. Even if IT administrators
cave in to the attackers’ demands, with the decryption key in hand they still
have their work cut out for them to recover the encrypted data. Just like
businesses bleed revenue from disruption, city systems incur similar material
and financial damage from a ransomware attack. Since ransom payments encourage
future attacks, why not try and boycott the payment?

While the resolution is certainly a step in the right direction
to thwart ransomware as a business, the rule of thumb should still apply: keep regular,
offline backups of your important data, away from prying eyes.