City of Atlanta Hit By Ransomware Attack

Published On March 30, 2018 | By Tom Huskerson | News and Analysis

The City of Atlanta computer network was hit by a ransomware attack last week. The attack left a portion of the city’s data encrypted. According to city officials the full extent of the attack is still under investigation.  Attackers were successful in shutting down some of the city’s online services, including “various internal and customer-facing applications” used to pay bills or access court-related information. The city’s mayor, Keisha Lance Bottoms, urged city employees and anyone who had conducted transactions with the city to carefully monitor their bank accounts in case their personal information is misused.

Ransomware is a software that takes control of a computer or computer network and shuts it down by encrypting the data until the ransom is paid. The attacker will usually threaten to destroy the data if the money is not paid. In Atlanta’s case the attacker has demanded approximately $51,000 in bitcoin. City officials have not said if they will pay the ransom. Experts believe paying the ransom will only encourage future attacks.

According to a local NBC news affiliate the ransomware used in the attack is part of a family of ransomware known as SamSam that has been deployed against governments and healthcare systems since 2015.

Though Atlanta’s population is just under 500,000 it is the ninth largest metropolitan area in the country and has the nation’s busiest airport. Atlanta’s new Chief Operating Officer, Richard Cox, who came on the job just a week ago,  said that several departments have been affected. But Cox pointed out that agencies responsible for public safety, water and airport services have not been affected. Mayor Bottoms stated that the city is working with the FBI, DHS, Microsoft and Cisco to find out what data may have been compromised.

The city issued a statement on Tuesday instructing employees that they could begin to turn their computers and printers back on. The move is part of an assessment of the overall impact of the attack. However, CNN reports that systems that allow residents to pay their water bills or parking tickets online remains shutdown. Police have been forced to do some paperwork by hand while some court proceedings have been cancelled.

Atlanta Mayor Keisha Lance Bottoms

Members of Mayor Bottom’s team informed Atlanta City Council members last week that there was  “a high likelihood that the incursion came through the City Council side of the building, through some software used by the Atlanta City Council called the Legislative Management System.”

According to NPR reporter Emily Cureton city officials were warned months ago of weak security in its computer systems. “The audit found a significant level of preventable risk to the city. The auditor writes there were long-standing issues, which city employees got used to and also didn’t have the time or resources to fix. The audit concludes Atlanta had no formal processes to manage risk to its information systems.

Rendition Infosec, a Georgia-based cybersecurity firm, tweeted on Tuesday that it had uncovered data showing a handful of city computers came under attack last year.

Jake Williams, owner of Rendition Infosec said, “We dug into our data and perhaps unsurprisingly, at least 5 of their machines were compromised in April 2017.”

Now the problem facing Atlanta officials is that time is running out to pay the ransom. According to NPR there may be nowhere to send the money. A local television station obtained a copy of the ransome note and tweeted the message out. The result was the payment portal set up by the attackers, with the countdown clock, was disabled. The portal contained a link to a bitcoin wallet.

According to the city’s information webpage there is no resolution in site at this time. According to Mayor Bottoms, “Everything is up for discussion.”





Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *