Ransomware has been one of the fastest-growing cyber threats faced by many businesses over the last couple of years, and the news that one city in the US has caved to the demands of hackers should highlight the risks that any organisation could face.
It was reported last week that the city of Riviera Beach in Florida, which has a population of 35,000 people, paid a ransom of $600,000 (£470,000) to regain access to its networks after a ransomware attack locked users out of critical systems.
The Palm Beach Post reported the attack prevented workers accessing emails, meant emergency calls could not be recorded, and knocked systems that controlled utilities such as water offline.
The incident occurred after an employee at the city clicked on a malicious link in an email. This illustrates the damage that can be done from just one basic mistake, and the importance of having both effective antimalware systems and good employee training in place to prevent such threats.
Riviera Beach is far from the first public organisation to fall victim to ransomware attacks. In the US alone, more than 170 state and local governments have experienced ransomware attacks, while systems in the UK were badly affected by the WannaCry attack in 2017.
Public bodies such as these are said to be particularly tempting targets for ransomware authors, as they have critical service and safety systems that cannot afford the downtime inflicted by such attacks.
Such incidents can prove extremely costly. For instance, in March last year, Atlanta was targeted by ransomware, with the hacker demanding a payment of $51,000 in Bitcoin. While the city refused to pay, it is estimated its total costs in damages and recovery amounted to around $17 million.
This potential for even higher costs may therefore tempt many organisations into paying a ransom, though this is usually advised against by security experts, as it can incentivise hackers to make further attacks, and there is no guarantee that payments will restore access to systems.