Among the most dire consequences of a successful cyber exploit are ransomware attacks. Costs for dealing with ransomware average out to tens of thousands of dollars, with the price tag presently doubling every quarter. State and local governments—often with underfunded network infrastructures—fi nd themselves less prepared to resist ransom demands and are paying an average of $338,700, according to ransomware consultancy Coveware.

These public sector attacks offer a window into the methods and risks of ransomware attacks, as these are often more openly covered in the media. There are, unfortunately, plenty of them to look at, with 53 attacks targeting state and local governments in 2018, according to a report from threat-intelligence fi rm Recorded Future. 2019 is tracking to be well above that figure.

Consider Riviera Beach, Florida, with an IT department of ten people. A police department employee there opened a phishing email and the resulting encryption of city data led to a demand for a bracing $600,000 ransom payment. Lacking better options and with at least half the money coming from a cyberinsurance policy, the city opted to pay the ransom. This worked, but still leaves them the cost of repairing and bolstering their infrastructure so that they don’t fall prey to another attack. The City of Baltimore, another media-covered ransomware victim, estimates that overall costs from their recent incident will cost in excess of $18 million!