Why did Florida city agree to pay hackers $600k to get computer systems back?

The link to the article: Mazech

What I don’t understand is why NSA did not help? They could crack it. Florida city is part of the US, right? Am I wrong?

Why do you think this? The NSA is often thought of as having virtually magical computing abilities, but properly implemented encryption with a strong encryption key is practically unassailable.

Even when businesses and cities pay for consulting and security help, the consultants often simply pay the ransom and get the key and charge the business the cost of the ransom plus a markup.

There might also be a case of ‘you made your bed…’. No doubt all public authorities get advice from central government about beefing up their security, but they are often reluctant to spend the money.

And if the NSA did have the capability to decrypt strong encryption, they wouldn’t give the game away by helping out some random city over a piddling $600K. (Not that I believe that they actually have that capability)

I know it’s a very old book, but Cliff Stoll’s The Cuckoo’s Egg provides some insight into the NSA. First a quote from someone he met there: “NSA listens rather than talks.” More succinct is the joke that “NSA” stands for “Never Say Anything.”

Fixing hacked municipal computer systems would involve, if nothing else, admitting that they can fix hacked municipal computer systems.

Also, paying the hackers is a pretty reliable way to recover data. The hackers have a strong incentive to be honest - otherwise nobody would ever pay the ransom.

If you look at the history of cryptography, every algorithm gets broken eventually. NSA has so many resources and is backed by the US government.

And yet, they still can’t break effective encryption. And if they could, they wouldn’t do it in this case.

How do we know that NSA is not able to break a currently used effective encryption? The fact that they have not publicized it does not mean they have not broken it. Am I wrong? :confused:

Has the “there’s no evidence so it must be true” argument ever worked?

First, all encryption is breakable given enough time and computing power. We can estimate the processing effort required to break a certain type of encryption and the amount of CPU cycles, and we can come up with an estimate like “it would take 1000 CPUs eleventy gazillion years to break this”. Breaking modern encryption algorithms, if they are effectively implemented, is said to be “computationally infeasible”. That is, it would require so much time or so many CPU cycles, that it’s effectively impossible, even for massively resourced organizations.

Second, the NSA is in the business of spying, not providing support to local cities or other organizations.

Third, lots of cities, faced with the need to get services back up ASAP, elect to pay the ransom. Many cybersecurity insurance policies will reimburse you for the cost of the ransom, so if you have the insurance, paying the ransom is often the least painful option. This has the unfortunate side effect of encouraging the hackers, but if you’re a city administrator and you need to keep the buses running, and provide 911 service, and everything else, paying the ransom is mighty attractive.

There is no brute force way to break the encryption. Not unless they have some pretty powerful computers they haven’t disclosed, or that they have found a way to factor numbers in polynomial time. Both are possible, but possible in the sense that me winning the lottery fifteen times in a row is possible, without buying a ticket.

That there may be some clever way to exploit a vulnerability in the encryption is a much better possibility. And if the NSA has discovered such a vulnerability, they are absolutely not going to disclose that they have done so, and close their window into surveilling what criminals thought was safe.

So, the most likely answer is that they did not help out because they are not able to. It is not possible to do. The second most likely answer is that they could do it, but doing so would disclose too much of their capabilities, prompting criminals and terrorists to develop a newer, more secure cryptography system.

What makes you think that??

Um, it’s history.

Tangent: are the Floridians feeling embarrassed by the subsequent revelation that billions of dollars are flowing to the Norks?

It’s Florida.

“Every algorithm gets broken eventually”? No, history doesn’t say that. Unless maybe you use a very generous definition of “eventually”. Then it only proves that encryption can be broken after decades of advances in computer hardware and software.

[Moderating]
Since the OP is evidently not interested in factual answers, let’s just move this to IMHO.

This is the answer.

Florida paid because it would cost a lot more to not pay. Look at recent stories about Baltimore. They didn’t pay and it cost them 10 times the amount to fix their systems.

The NSA is not going to help with non-National Security or Critical Infrastructure systems. And in the off-chance that they decided to help because they were bored, or the Director has an aunt in Florida or whatever, you’ll never know about it. And the people who DO know about it won’t say anything about it under penalty of jail time.

The Florida system had vulnerabilities because they don’t know anything about cyber security, like most governments, companies, and individuals. Almost any system connected to the Internet nowadays can be exploited and subjected to a ransomware attack.

The head of the Justice Department is saying this week that commercial companies should weaken their encryption so the FBI and other law enforcement agencies can access encrypted devices and communications. Obviously, the FBI is going to have far more access to US Government capabilities than some random municipality in Florida.

What do these facts say to you about your assumption that the US Government can crack strong encryption?