With recovery costs reaching nearly $2.7M, should Atlanta have paid the ransomware demand?