The City of Atlanta computer network was hit by a ransomware attack last week. The attack left a portion of the city’s data encrypted. According to city officials the full extent of the attack is still under investigation. Attackers were successful in shutting down some of the city’s online services, including “various internal and customer-facing applications” used to pay bills or access court-related information. The city’s mayor, Keisha Lance Bottoms, urged city employees and anyone who had conducted transactions with the city to carefully monitor their bank accounts in case their personal information is misused.
Ransomware is software that takes control of a computer or computer network and shuts it down by encrypting the data until the ransom is paid. The attacker will usually threaten to destroy the data if the money is not paid. In Atlanta’s case, the attacker has demanded approximately $51,000 in bitcoin. City officials have not said if they will pay the ransom. Experts believe paying the ransom will only encourage future attacks.
According to a local NBC news affiliate, the ransomware used in the attack is part of a family of ransomware known as SamSam that has been deployed against governments and healthcare systems since 2015.
Though Atlanta’s population is just under 500,000 it is the ninth largest metropolitan area in the country and has the nation’s busiest airport. Atlanta’s new Chief Operating Officer, Richard Cox, who came on the job just a week ago, said that several departments have been affected. But Cox pointed out that agencies responsible for public safety, water and airport services have not been affected. Mayor Bottoms stated that the city is working with the FBI, DHS, Microsoft and Cisco to find out what data may have been compromised.
The city issued a statement on Tuesday instructing employees that they could begin to turn their computers and printers back on. The move is part of an assessment of the overall impact of the attack. However, CNN reports that systems that allow residents to pay their water bills or parking tickets online remain shut down. Police have been forced to do some paperwork by hand, while some court proceedings have been cancelled.
Members of Mayor Bottoms’s team informed Atlanta City Council members last week that there was “a high likelihood that the incursion came through the City Council side of the building, through some software used by the Atlanta City Council called the Legislative Management System.”
According to NPR reporter Emily Cureton, city officials were warned months ago of weak security in the city’s computer systems. “The audit found a significant level of preventable risk to the city. The auditor writes there were long-standing issues, which city employees got used to and also didn’t have the time or resources to fix. The audit concludes Atlanta had no formal processes to manage risk to its information systems.”
Rendition Infosec, a Georgia-based cybersecurity firm, tweeted on Tuesday that it had uncovered data showing a handful of city computers came under attack last year.
Jake Williams, owner of Rendition Infosec, said, “We dug into our data and perhaps unsurprisingly, at least 5 of their machines were compromised in April 2017.”
Now the problem facing Atlanta officials is that time is running out to pay the ransom. According to NPR, there may be nowhere to send the money. A local television station obtained a copy of the ransom note and tweeted the message out. As a result, the payment portal set up by the attackers, with its countdown clock, was disabled. The portal contained a link to a bitcoin wallet.
According to the city’s information webpage, there is no resolution in sight at this time. According to Mayor Bottoms, “Everything is up for discussion.”