The Pennsylvania Senate Democratic Caucus paid $703,697 to Microsoft to rebuild its IT infrastructure after suffering a ransomware infection in March 2017.
The incident took place on March 3, 2017, when the organization's entire IT systems, including its web servers, went down at the hands of a yet-to-be-revealed ransomware strain.
The ransomware encrypted files and requested payment of 28 bitcoins for the decryption key to unlock the ransomed data.
The ransom demand was worth nearly $30,000, based on the Bitcoin-to-US dollar exchange rate at the time, but officials declined to pay, opting to restore some of the data from backups and rebuild the organization's entire IT systems from scratch.
That decision resulted in a $700,000 invoice from Microsoft, according to information obtained via a Right-to-Know request by local reporters from TribLive.
But this has been a trend among ransomware victims in the past year. Pennsylvania Senate Democrats aren't the only ones who opted to rebuild their entire IT systems rather than pay a ransom demand.
The city of Atlanta was the victim of a similar attack earlier this year, in March, when the SamSam ransomware infected a large number of the city government's computers. While initial IT rebuilding costs were estimated at $2.6 million, that sum quickly rose to $9.5 million, and the final bill is now expected to reach a whopping $17 million.
Similarly, after getting hit by the SamSam ransomware twice in February and March this year, the Colorado Department of Transportation also chose to rebuild its IT systems, which has cost the agency $1.5 million so far.
But the biggest confirmed post-ransomware IT rebuilding bill was reported by the Erie County Medical Center in Buffalo. The healthcare org told local press that after falling victim to a ransomware infection in the summer of 2017, they chose to pay $10 million for a brand new IT infrastructure instead of paying the smaller $30,000 ransom demand.
All these organizations chose to rebuild their IT systems because they would have to do it anyway, regardless of whether they paid the ransom to recover their data.
Some of these ransomware infections were the work of organized cybercrime groups that don't rely on spam email to infect organizations via careless employees, but on weak points in the IT infrastructure, such as insufficiently protected RDP endpoints, Java-based web apps, and more. These are targeted attacks, and the weak points behind them can be exploited repeatedly until system administrators deploy proper fixes.
Some organizations simply choose to rebuild and avoid future headaches, which, in hindsight, is a much better idea, albeit costly in the short term.