Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Stay on top of the latest market trends

Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Axios on your phone

Get breaking news and scoops on the go with the Axios app.

Download for free.

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Shoshana Gordon/Axios

If you run a hospital, a bank, a utility or a city, chances are you'll be hit with a ransomware attack. Given the choice between losing your precious data or paying up, chances are you'll pay.

Why it matters: Paying the hackers is the clear short-term answer for most organizations hit with these devastating attacks, but it's a long-term societal disaster, encouraging hackers to continue their lucrative extortion schemes.

Driving the news: Colonial Pipeline paid hackers almost $5 million in ransom to restore its systems and get gasoline flowing again after a ransomware attack held the country's largest pipeline hostage, which resulted in widespread disruption of gasoline supply.

The big picture: "This creates a collective action problem — the bad guys win so they'll go out and hit someone else," said Betsy Cooper, director of Aspen Tech Policy Hub at the Aspen Institute.

  • "As an organization, you have to take into account the immediate costs versus the cost of your data. The less prepared you are, the worse it's going to be."

Threat level: Code red. Negotiating can backfire.

  • Last week, foreign hackers released sensitive files they stole from the Washington D.C. police department last month, after the department offered to pay $100,000 rather than the $4 million that was demanded to return the data, DCist reported.
  • The hackers reportedly said they'd keep the files public for months, even if the police department offered more than the original ransom.

Of note: The outfit responsible for the Colonial Pipeline attack announced it was shutting down Friday, but there's no sign the larger problem will abate.

By the numbers: Payments to ransomware attackers rose 337% from 2019 to 2020, reaching more than $400 million worth of cryptocurrency, according to figures just released by Chainalysis, a blockchain analysis company.

  • So far in 2021, hackers have raked in more than $81 million.
  • The average ransom payment has risen from $12,000 in the fourth quarter of 2019 to $54,000 in the first quarter of this year.
  • Chainalysis notes these figures are conservative because they are based on reported attacks and payments.

Many attacks at the local level go unreported and unnoticed. Attack disclosure requirements vary state by state.

Zoom in: A hospital near Kansas City, Mo., fell victim to an attack, paid the ransom, and then had to ask the city's government for help making payroll, Mayor Quinton Lucas told Axios.

"It's odd how under-discussed [cybersecurity] is when we talk about infrastructure," Lucas said.

  • "The challenge is not necessarily City Hall getting attacked, it's all the institutions that make up a city — the police department, banks, health systems — that all have different security companies working for them."

The irony: While having several different systems may seem inefficient, it disaggregates the risk, Cooper said.

  • "If you put all your eggs in one vendor's basket, if that vendor has a flaw, then everything that's touched by that vendor will be affected." she said.
  • "Just like you probably don't put all your money into one bank account, you probably shouldn't put all your security with one company," she said.

Between the lines: State and city governments are particularly vulnerable to attacks because it's well-known that public agencies often rely on outdated systems with less robust security defenses.

  • Stimulus funds flowing to states and municipalities could make them attractive targets for hackers.
  • While infrastructure funding is a big topic of conversation in Washington and states, it often comes in the form of grants for a specific purpose, like to repair roads or fix a bridge. Upgrading software and system security is often not thought of in the infrastructure category, and instead tackled separately every five or so years.
  • Prompted by the Colonial Pipeline crisis, the Biden administration issued an executive order last week to encourage data IT data sharing and implement stronger security standards. But it applies to federal agencies and contractors, not the local level.
  • A bipartisan group of House members is proposing to create a $500 million grant program for state and local government cybersecurity upgrades.

Companies that sell services to local governments are also attractive targets. In February, a ransomware attack hit widely used payment processor Automatic Funds Transfer Services.

  • The cybercrime operation known as "Cuba Ransomware" sold the stolen data, including personal addresses and other billing information, on the web, security site BleepingComputer reported.
  • The hack triggered data breach notifications from dozens of cities and agencies in California and Washington state.

Zoom in again: Last February, New Orleans was hit with a massive ransomware attack that crippled the city government. After the attack, the city weeded out old systems and machines, update files and install new software.

Then the pandemic hit, and the city had to quickly go fully remote — but it was ready.

  • "In that way, the cyber attack ended up being a huge blessing in disguise," said Liana Elliot, deputy chief of staff to Mayor LaToya Cantrell.

Upgrading its systems should have been done much sooner, Elliot said, but there was no money or political will — until the attack.

  • "Cities often can't do the things we need to do unless there's a crisis," she said.
  • New Orleans later upped its cyber insurance policy to $10 million.

What to watch: Ransomware groups are getting more hostile and are less likely to restore systems, even when they are paid the ransom, according to Accenture's latest report on cyber threats.

Go deeper

Pacific Northwest soon to be ground zero for record-shattering heat

Computer model projection showing the unusually strong heat dome over the Pacific Northwest on Sunday. (PivotalWeather).

A heat wave is bringing unprecedented high temperatures to the Pacific Northwest — a region of the country typically cooled by the ocean, rather than central air conditioning. The heat will begin Friday and last into early next week.

Why it matters: The heat wave will shatter monthly and all-time temperature records in the Pacific Northwest. Some of the records could break the old milestones by several degrees.

At least one person killed, 99 missing after deadly Miami-area condo collapse

A massive search-and-rescue operation is underway after a portion of a 12-story residential building in Surfside, Florida, collapsed at approximately 1:30 a.m. Thursday, according to AP.

The latest: Officials have accounted for 102 people who lived in the high-rise Champlain Towers South, but 99 people remained unaccounted for by midafternoon, said Mayor Daniella Levine Cava of Miami-Dade County at a press conference Thursday afternoon.

Biden strikes infrastructure deal with bipartisan group of senators

President Biden announced Thursday that he had agreed to a roughly $1 trillion infrastructure plan with a bipartisan group of ten senators, declaring: "We have a deal."

Why it matters: The agreement on the size and scope of an infrastructure package is a major achievement for Biden, who has long been a proponent of bipartisanship, but the compromise still faces serious hurdles in the House and Senate.