Renee Dudley, ProPublica, via Ars Technica:
On June 24, the mayor and council of Lake City, Florida, gathered in an emergency session to decide how to resolve a ransomware attack that had locked the city's computer files for the preceding fortnight. Following the Pledge of Allegiance, Mayor Stephen Witt led an invocation. "Our heavenly father," Witt said, "we ask for your guidance today, that we do what's best for our city and our community."
Witt and the council members also sought guidance from City Manager Joseph Helfenberger. He recommended that the city allow its cyber insurer, Beazley, an underwriter at Lloyd's of London, to pay the ransom of 42 bitcoin, then worth about $460,000. Lake City, which was covered for ransomware under its cyber-insurance policy, would only be responsible for a $10,000 deductible. In exchange for the ransom, the hacker would provide a key to unlock the files.
"If this process works, it would save the city substantially in both time and money," Helfenberger told them.
Without asking questions or deliberating, the mayor and the council unanimously approved paying the ransom. The six-figure payment, one of several that US cities have handed over to hackers in recent months to retrieve files, made national headlines.
Left unmentioned in Helfenberger's briefing was that the city's IT staff, together with an outside vendor, had been pursuing an alternative approach. Since the attack, they had been attempting to recover backup files that were deleted during the incident. On Beazley's recommendation, the city chose to pay the ransom because the cost of a prolonged recovery from backups would have exceeded its $1 million coverage limit, and because it wanted to resume normal services as quickly as possible.
"Our insurance company made [the decision] for us," city spokesman Michael Lee, a sergeant in the Lake City Police Department, said. "At the end of the day, it really boils down to a business decision on the insurance side of things: them looking at how much is it going to cost to fix it ourselves and how much is it going to cost to pay the ransom."
Ransomware is proliferating across America, disabling computer systems of corporations, city governments, schools and police departments. This month, attackers seeking millions of dollars encrypted the files of 22 Texas municipalities. Overlooked in the ransomware spree is the role of an industry that is both fueling and benefiting from it: insurance.