The U.S. Conference of Mayors unanimously adopted a resolution proposed by Baltimore calling on members to refuse to pay ransoms to hackers if their cities fall victim to cyberattacks.
The measure was approved at the organization’s annual meeting in Hawaii last week.
“Paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit,” the resolution reads. “The United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm.”
Democratic Mayor Bernard C. “Jack” Young, who did not attend the meeting this year, proposed the resolution after Baltimore fell victim to a ransomware attack in May that crippled city systems. Hackers demanded a digital payment equivalent to $76,000 to unlock city files, but officials refused to pay.
The FBI also advises victims not to pay, saying the ransoms can be used to fund other kinds of crime.
But in recent weeks, a pair of cities in Florida have opted to make a combined payment of $1 million, tapping their insurance policies to cover the cost. Officials in those cities have said paying provided an alternative to rebuilding system systems and the risk of permanently losing public records.
A study by cybersecurity firm Recorded Future found that about 170 state and local government entities have fallen victim to ransomware attacks since 2013. About 17% opted to pay the ransom, according to the study — a rate lower than the 45% of all types of victims estimated to pay.
The Conference of Mayors represents 1,400 American cities with populations of at least 30,000. At its annual conference, it adopts resolutions spelling out its official positions and distributes them to Congress and the White House.