Leominster Public Schools paid $10,000 to hackers to get back their data in April.
Melrose and Tewksbury Police Departments also made payments in the last few years.
But ransomware attacks are now hitting bigger targets. Major U.S. cities like Atlanta and Baltimore have been crippled by cyber attacks in the last few weeks, forcing police departments to resort to pen and paper instead of computers. Hackers demanded $51,000 in Bitcoin from the city of Atlanta, but the city refused to pay. Atlanta did pay $2.6 million in recovery costs.
All it takes is One Click to Cripple a City
Former hacker Adriel Desautels says all it takes is one city employee to click on a phishing email, and a central server is attacked, locking all of the data. Desautels is now the CEO of the Stowe-based computer security firm Netragard.
"The value of the information that's contained by the various states and even cities is arguably even higher than the information held by most companies," said Desautels.
Often municipalities don't have the resources like a bank or a big company to fight off a cyber assault, and when it comes to disrupting lives, an attack on a city or town can be devastating
The "Heartbeat of the City"
The data hacked can be a city's lifeline: from tax payments and traffic lights to payroll, waste-water treatment, 911 calls and trash collection.
If it's networked, it's vulnerable.
Boston 25 News contacted mayors' offices in Brockton, Lowell, Worcester and Boston for their cyber security protocols
Only Worcester and Boston responded.
By email, Boston told Boston 25 News the city spent millions of dollars on cyber-security and "it has not had an infection that resulted in any type of payment." Boston's policy is to never pay a ransom.
The same is true in Worcester.
"There's no guarantee you're going to get your data back from the hijackers once you pay it and also it kind of sets a standard that your willing to pay and it shows the hackers they can keep doing that, said Worcester's Deputy Chief Information Officer Eileen Cazaropoul.
She tells Boston 25 News, this data is the "heartbeat of the city" and Worcester has several layers of security to protect it, including an email system that blocks traffic from certain countries.
Lee Rossey is the co-founder of Simspace.. a Boston-based cybersecurity firm. He says no network will ever be 100% secure, but employee training, network separation, and good back-ups can reduce risk.
"Don't open suspicious email, have good anti-virus, and have good things on your network that are looking for that," Rossey said.