Atlanta Ransomware Attack Shows Cities Not Prepared for Long-Term Security Breaches


Atlanta is being held hostage by hackers.

The Georgia capital has been subject to a ransomware attack by the mysterious SamSam hacking crew since last Thursday. While city employees were finally able to use their computers on Tuesday, police officers are still writing reports by hand, and city courts are closed. Residents can’t pay bills online or use Wi-Fi at the airport.

“We are dealing with a hostage situation,” Mayor Keisha Lance Bottoms said in a statement.

Atlanta’s public safety services such as 911, police and fire-rescue are unaffected by the breach. No personal information has been compromised yet, though Bottoms warned city employees and all residents to check their bank accounts regularly.

Like other ransomware attacks, this virus crippled computers and wireless networks and blocked access to important data. SamSam encrypted victims’ files, changed file names to “I’m sorry” and threatened to make the data permanently inaccessible within a week.

The city will only get control back if it pays a ransom of $51,000 in Bitcoin to the attackers.

Bottoms has not said publicly whether the city will pay the ransom—she told CNN that “everything is up for discussion.”

Making the payment may actually be more cost effective than restoring an entire compromised computer network (especially one that’s already been offline for almost a week).

It’s not clear how SamSam got access to Atlanta’s municipal computer network, though the attack was remote and not internal. Dell SecureWorks and Cisco Security are working to restore computer access in the city.

Bad actors have targeted cities before. A hacker attack in Dallas last year set off tornado sirens in the middle of the night, and the Colorado Department of Transportation has been targeted twice this year.

But few attacks have been as widespread as the one hitting Atlanta, which has a metro area of about six million people.

Ransomware emerged in Eastern Europe in 2009, when cybercriminals used malicious code to lock users’ computers and then demanded 100 euros to unlock them again. Over the past decade, hacker groups and even some countries have perpetrated increasingly serious attacks while demanding large amounts of money.

The most famous example is last year’s WannaCry cyberattack, in which North Korean hackers used malicious software stolen from the National Security Agency to attack tens of thousands of people in more than 70 countries. As a result of the attack, FedEx couldn’t deliver packages in the United States and Britain’s National Health Service rejected patients.

These large attacks can also be lucrative: according to security experts, cybercriminals made more than $1 billion from ransomware in 2016.

Almost 25 percent of local governments in the United States have experienced cyberattacks. Indeed, in the days since the Atlanta attack, the city of Loganville, Georgia was hit with its own security breach.

In spite of this, fewer than half of these municipalities have developed a formal cybersecurity policy. Some employees haven’t even been taught how to spot phishing emails meant to trick them into opening ransomware.

Bottoms, who took office in Atlanta in January, said that she had not considered cyber-defense a high priority before. The city’s former chief information officer, Samir Saini, moved to New York City last month.

But now online security “certainly has gone to the front of the line,” she said. “We need to focus on the security of our digital infrastructure.”

The mayor also attempted to make light of the situation—she told The New York Times the attack would be “a nice exercise in good penmanship” for her younger employees.

It’s almost certainly a lesson they would rather do without.
