To pay or not to pay: Lessons from DMACC ransomware attack
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Brendan Lynch/Axios
Des Moines Area Community College will resume online course instruction Thursday, two weeks after a ransomware attack brought classes to a halt.
- No ransom has been paid but talks with the "threat actor" continue, DMACC president Rob Denson told Axios Wednesday.
Why it matters: It's yet another wakeup call about our widespread vulnerability to hacks and the importance of investing in cybersecurity.
Catch up quick: DMACC's online courses were canceled June 3 and the college fully closed the following day because of the attack.
- In-person instruction resumed June 9.
- Investigators don't believe the hackers have "anything significant," but they continue talking with them as part of the investigation, Denson said.
The big picture: Ransomware is national crisis that FBI Director Christopher Wray this month likened to the Sept. 11, 2001 terrorist attacks.
- Data crucial to our food supply, health care, utilities and national security have been breached in recent months.
Be smart: DMACC's public transparency and its resistance in paying a ransom is a show of leadership that should be commended, Sen. Zach Nunn, the past cybersecurity director for the White House National Security Council, told Axios.
- Attacks are underreported because businesses and governments fear their reputations will be damaged if they publicly acknowledge them.
- Paying ransoms can make an institution an even bigger future target.
What's ahead: Iowa lawmakers have recently pushed to standardize the reporting of cyberattacks against governments.
- The requirements may help avoid the most dire consequences and better protect taxpayers, Nunn said.