Illustration: Aïda Amer/Axios

The conventional wisdom about ransomware is that when local governments pay the ransom, it encourages more criminals to launch more attacks. But that's not necessarily the case, experts say.

Between the lines: The costs of recovering from a ransomware attack are often greater than the cost of the ransom.

Background: The victims of ransomware attacks are typically targets of opportunity, and cities generally aren't the primary targets. Corporations are — and they often pay up.

  • "The fact is, paying a ransom does not create a market," said Forrester Research's Josh Zelonis. "There already is a market."

By the numbers: Riviera Beach and Lake City, Florida, paid a combined $1.1 million in ransom over about a week in June.

  • Meanwhile, Atlanta spent $17 million restoring systems rather than pay a $50,000 ransom last year.
  • Baltimore is likely to spend $10 million restoring its own systems refusing to pay a $75,000 ransom this year. The disruption to its city services may cost another $8 million.

The intrigue: For some cities, the best response might be to pay the ransom, then use the millions of dollars that would have been spent on recovery to strengthen cyber defenses before the next attack.

  • "If you don't learn from the past, you will end up being ransomed again," said Deborah Golden, the new head of Deloitte's cyber consultancy.
  • Whether a city pays, doesn't pay or has yet to be attacked, prevention will often save money.

What's next: Regardless of the decision a city might make, Golden said, it's important to game plan what will happen in a ransomware attack.

  • In some cases, that might mean developing non-digital alternatives to the services that may be put on hold during an attack. "Is there a way to do something manually in the time it takes to set up the automation again?" she asked.

Go deeper

Postal slowdown threatens election breakdown

In 24 hours, signs of a pre-election postal slowdown have moved from the shadows to the spotlight, with evidence emerging all over the country that this isn't a just a potential threat, but is happening before our eyes.

Why it matters: If you're the Trump administration, and you're in charge of the federal government, remember that a Pew poll published in April found the Postal Service was viewed favorably by 91% of Americans.

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 2 p.m. ET: 21,280,608 — Total deaths: 767,422— Total recoveries: 13,290,879Map.
  2. U.S.: Total confirmed cases as of 2 p.m. ET: 5,335,398 — Total deaths: 168,903 — Total recoveries: 1,796,326 — Total tests: 65,676,624Map.
  3. Health: The coronavirus-connected heart ailment that could lead to sudden death in athletes — Patients grow more open with their health data during pandemic.
  4. States: New York to reopen gyms, bowling alleys, museums.
  5. Podcasts: The rise of learning podsSpecial ed under pressure — Not enough laptops — The loss of learning.

USPS pushes election officials to pay more for mail ballots

Protesters gather in Kalorama Park in D.C. today before demonstrating outside the condo of Postmaster General Louis DeJoy. Photo: Cheriss May/Reuters

The Postal Service has urged state election officials to pay first class for mail ballots, which Senate Democratic Leader Chuck Schumer says could nearly triple the cost.

Why it matters: Senate Democrats claim that "it has been the practice of USPS to treat all election mail as First Class mail regardless of the paid class of service."