Paying ransom demands in the hopes of regaining access to critical data is controversial, to say the least. Succumbing to extortion goes against conventional advice and wisdom against incentivizing the cybercrime business model, but sometimes organizations feel they have no other choice and paying seems like the best option at the time. However, paying a ransom is not straightforward. Just ask Lake City, the 65,000 population city in Florida who voted to pay their attackers a negotiated price of 42 bitcoins, worth approximately $500,000 at the time of payment, to end a ransomware attack that reportedly began on June 10 (see the June 27 Security and Resilience Update for the original coverage). In a follow up story, The New York Times published details of Lake City’s recovery efforts, minus technical details not able to be disclosed due to the active FBI investigation. Lake City should be applauded for their transparency to help others from having to endure a similar incident, particularly during the throes of their response and painful recovery efforts. The account poignantly highlights potentially hidden costs associated with ransomware recovery. In addition to the ransom, organizations are likely to incur fees related to higher insurance premiums (if insurance even paid the claim), exorbitant rates to cyber incident response firms, and a significant investment in updating system backup architecture – and that is just for starters... Members are encouraged to read the post and (if you haven’t already) consider bolstering your backups and retaining a cyber incident response firm sooner, rather than later for more money. Read the article in the New York Times