To pay or not to pay: Lessons from DMACC ransomware attack

Des Moines Area Community College will resume online course instruction Thursday, two weeks after a ransomware attack brought classes to a halt.

• No ransom has been paid but talks with the "threat actor" continue, DMACC president Rob Denson told Axios Wednesday.

Why it matters: It's yet another wakeup call about our widespread vulnerability to hacks and the importance of investing in cybersecurity.

Catch up quick: DMACC's online courses were canceled June 3 and the college fully closed the following day because of the attack.

• In-person instruction resumed June 9.
• Investigators don't believe the hackers have "anything significant," but they continue talking with them as part of the investigation, Denson said.

The big picture: Ransomware is national crisis that FBI Director Christopher Wray this month likened to the Sept. 11, 2001 terrorist attacks.

• Data crucial to our food supply, health care, utilities and national security have been breached in recent months.

Be smart: DMACC's public transparency and its resistance in paying a ransom is a show of leadership that should be commended, Sen. Zach Nunn, the past cybersecurity director for the White House National Security Council, told Axios.

• Attacks are underreported because businesses and governments fear their reputations will be damaged if they publicly acknowledge them.
• Paying ransoms can make an institution an even bigger future target.

What's ahead: Iowa lawmakers have recently pushed to standardize the reporting of cyberattacks against governments.

• The requirements may help avoid the most dire consequences and better protect taxpayers, Nunn said.