Washington (AFP)

Municipal services in Baltimore, a major port city on the east coast of the United States, were paralyzed earlier this year by a ransomware attack, a malicious computer program that hijacks personal data.

This extortion software has blocked the editing of municipal bills. City officials had refused to pay the $ 76,000 claimed by hackers who had encrypted the city's files, making them illegible without the decoding key they are alone to own.

The municipality had to invest $ 18 million to restore and rebuild the city's computer networks.

The Baltimore dilemma and the similar one in Atlanta, Georgia, a year ago highlight the tough choices cities, hospitals, and businesses face from these ransomware attacks, or "ransomware" in English .

- The stock market or the night -

These attacks can block the essential services of organizations whose computer networks are obsolete or vulnerable. Two Florida cities reportedly paid a total ransom of $ 1 million this year to re-access their files.

Globally, losses related to this type of attack increased by 60% last year to $ 8 billion, according to data from the organization Online Society Alliance (Internet Trust Alliance).

In the United States, at least 170 county, city, and state systems have been affected since 2013, with 22 incidents this year, according to the Mayors' Conference.

It adopted a resolution opposing the payment of ransoms.

"We are seeing more attacks on cities because it is clear that they are poorly prepared and (...) do not have the funds to fix them," said Gregory Falco, internet security researcher. at Stanford University.

- Endemic proportions -

For Frank Cilluffo, head of the Auburn University Cyber ​​Security Center, these attacks have reached endemic levels. "The scale of the problem is striking and affects everyone, from relatively robust states to large metropolises to cities and smaller counties."

"Police, schools and libraries, health agencies, public transit systems and the courts are targeted ... no jurisdiction is too small or too big to escape," he said. he recently declared during a congressional hearing.

Health facilities are also often victims of choice, so the Hollywood Presbyterian Hospital revealed in 2016 that it paid $ 17,000 to hackers to re-access vital data.

The French Ministry of the Interior said in a recent report that the authorities reacted to some 560 incidents related to ransomware software in 2018.

While the FBI warns of the payment of ransoms, some analysts say there is no clear solution for victims when critical data is locked.

"You have to do the right thing for your organization," says Falco.

For Josh Zelonis of Forrester Research, it must be recognized that "the payment of a ransom is a valuable recovery path that must be explored alongside other efforts," he writes in a blog.

But for Randy Marchany, head of IT security at Virginia Tech University, the best solution is to be uncompromising. "I do not agree with any organization or city that pays a ransom," Marchany said.

"Victims will have to rebuild their infrastructure anyway." If you pay the ransom, the hackers give you the decryption key but you have no guarantee that the ransomware software has been removed from all your systems, so you have to rebuild them when same, "he explains.

Targeted companies or institutions often fail to take preventive measures such as updating their software or backing up data that would limit the damage caused by the attacks.

But victims may not always be aware of possible solutions without paying, said Brett Callow of Emsisoft, one of the security companies offering free decryption tools.

He reports coordinated efforts by security companies, including Europol partner No More Ransom and ID Ransomware, who can identify certain malware and sometimes unlock data.

© 2019 AFP