In response to a recent news story out of Midlothian (noted here), an editorial in The Journal Times reminds law enforcement that they should take their own advice and not pay ransom to hackers who lock up police files.
As the editors note, the Midlothian incident is not the first time law enforcement has paid ransom:
Last November, the Dickson County Sheriff’s Department in Tennessee paid out $572 when the same virus infected its computers. The sheriff there said his first reaction was “we are not going to be held hostage. But, he said, “once it was determined which records were involved and that they were crucial to victims of crimes in this county, and to the operations of the sheriff’s office and the citizens of this county … I had no choice but to authorize to pay this.”
I don’t recall ever seeing that case, but I do recall the one in Detroit earlier last year. In that case, the city didn’t pay the demand for hundreds of thousands of dollars.
As the editors note:
Paying ransom, even cheap ransom, is never a good policy, and it’s particularly unseemly when a police agency is held up.
Read more on The Journal Times.
We’ll probably never know how often entities pay ransom and just quietly go about their business if they’re lucky enough to get the promised decryption key, but the editors have a point: this should not be one of those “Do as we say, not as we do” situations.