The decision said that paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit.
"The United States Conference of Mayors has a vested interest in de-incentivising these attacks to prevent further harm. The United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach."
The resolution adopted this week at the 87th annual meeting of the US Conference of Mayors doesn't have any legal binding, but can be used as an official position to justify administrative actions, for federal authorities and taxpayers. The Conference of Mayors includes over 1,400 mayors from across the US, representing cities with a population of over 30,000.
The organisation said that "at least 170 county, city, or state government systems have experienced a ransomware attack since 2013 and 22 of those attacks have occurred in 2019 alone".
Previous victims include Lynn, Massachusetts, Cartersville, Georgia, Jackson County, Georgia, and Key Biscayne, Florida. The city of Richmond Heights, Ohio, fell victim to a ransomware attack this week.
The resolution was put forward by the mayor of Baltimore, Bernard Young, whose city's IT network was infected with ransomware in May this year.
Hackers asked for a $75,000 ransom, but the city declined to pay and restored from backups and rebuilt its IT network. It cost the city more than $18 million.
Two Florida cities paid a combined $1 million to hackers for decryption keys to unlock and recover their data.
Hackers exploit the fact that some cities fail in backing up their data, and are left with no choice but paying to recover crucial documents or face massive fines.
Both the FBI and cyber-security experts usually advise against paying the ransom demand, unless there's no other way to recover data. Everyone is urging municipalities to set up necessary data back-up routines. Most cities pay ransom demands via cyber-insurance policies.