City of Atlanta Hit by SamSam Ransomware

April 1, 2018

A ransomware attack on the city of Atlanta on Mar. 22 has left officials scrambling to provide services to residents. Many critical services, like public safety and wastewater treatment, have been unaffected. Meanwhile, other systems have ground to a halt or slowed considerably.

For instance, the city is temporarily not accepting employment applications. New water service requests and other planning services can be made in person, but processing times are longer than usual. The Hartsfield-Jackson International Airport has disabled its Wi-Fi and taken security wait times and flight information off its website out of an abundance of caution.

Perhaps the biggest headache for the city is keeping the courts running during the mayhem. The city court cannot validate warrants or process ticket payments (even in person). Court dates continue to be pushed back (via tweets) as the city struggles with the ransomware attack.

Mayor Keisha Lance Bottoms gave few details on what the city’s response would be.

When asked if she would consider paying the $51,000 ransom, Bottoms admitted, “Everything is up for discussion.” She added that she would consult with federal authorities to determine the best course of action. The city hired a private security company, SecureWorks, to investigate the attack. The FBI, Homeland Security, and the Secret Service are all involved in determining exactly what happened.

“I just want to make the point that this is much bigger than a ransomware attack,” Bottoms said at a press conference. “This is really an attack on our government, which means it’s an attack on all of us.”

Fears that the attackers accessed personal data continue.

Officials initially warned city employees and any member of the public who had made transactions with the city to check their bank accounts for fraudulent activity.

“Because we don’t know, I think it would be appropriate for the public just to be vigilant in checking their accounts and making sure their credit agencies have also been notified,” Bottoms said shortly after the incident.

On March 26, an official tweet from the city reiterated that sentiment but added that there is still no evidence that sensitive data has been compromised.

The city hasn’t identified the attacker, but media reports point to a familiar name.

A New York Times article has identified the SamSam hacking crew as the responsible party. While few details are known about SamSam, they do have several trademarks.

The group tends to target large organizations that have the resources to pay a hefty ransom. SamSam also has sophisticated methods of covering its tracks, which allow it to attack organizations repeatedly.

The same group victimized the Colorado Department of Transportation twice this year.

The first attack shut down over 2,000 employee computers, forcing workers to use pen and paper to complete work. The city decided not to pay the ransom, but to painstakingly clean the computers of any malware.

When the city’s IT professionals had cleared 20 percent of computers for employee use, a variant of SamSam reinfected them. Hearing stories like these, it’s easy to understand why some organizations simply pay the ransom.

To put even more pressure on victims, the SamSam attackers generally target health care facilities and municipal organizations. Allscripts, Adams Memorial Hospital, Erie County Medical Center, and the city of Farmington, New Mexico all fell prey to SamSam ransomware in the last year.

Atlanta is now learning a painful but useful lesson in cybersecurity.

The city is documenting its progress and answering frequently asked questions on its website, while the mayor promises that more attention will be given to cybersecurity in the future.

“Just as much as we really focus on our physical infrastructure, we need to focus on the security of our digital infrastructure,” Bottoms said. “I am looking forward to us really being a national model of how cities can shore themselves up and be stronger because of it.”