Atlanta Grinds to Halt Following Cyber “Hostage Situation”

by: The Knowledge Group

April 02, 2018


Once again, we’re witnessing the vulnerability of a computer-reliant government to cyberattacks.

On March 22, some 8,000 Atlanta employees lost computer access. It’s among the worst security crises ever faced by a large U.S. city. The court couldn’t check arrest warrants, drivers’ services were shut down, and no one could apply for a city job.

A week later, residents are still having trouble paying municipal bills and reporting hazards online. Police and other departments continue to take reports on paper and postpone court proceedings. While city inspectors and zoning officials can be found and engaged in person, Atlanta is not capable of processing ticket payments at all.

The Usual Suspects

Atlanta’s attack has all the hallmarks of the SamSam group, which often asks around $50,000 in ransom to undo the damage they inflict.  SamSam targets hospitals and schools, police departments and first responders. Victims pay the ransoms because they can find the money, but not the time to cope with trying to restore their data. Colorado’s transportation department did fix its systems without paying SamSam; but the hackers were by then familiar with the department’s system. They struck again the following week with stronger software.

Over the past decade, ransomware attacks have grown into a billion-dollar underground industry. They’ve been used by private and even state actors, inflicting damage on targets in dozens of countries, involving businesses such as Merck and FedEx, Britain’s health clinics, federal agencies, and nuclear power sites.

What Now for Atlanta?

Mayor Keisha Lance Bottoms said that hackers had asked for $51,000, and called the attack “a hostage situation.” Six days in, there had been no public payment decision.

The FBI is investigating. As we go to press, the mayor says teams are working 24/7 to try to bring everything back online.

A private cybersecurity company, SecureWorks, was tapped to investigate and contain the breach, then embark on the painstaking restoration process.

U.S. Cities Need to Prepare

Ransom attacks comprise the most frequent type of city and county cybersecurity breaches. University of Maryland researchers, joined by the International City/County Management Association, report that a fourth of local governments face attack attempts at least hourly. Yet most local governments lack any formal emergency response strategy.

Much can be done. For example, staffers can learn to catch and avert “phishing” attempts intended to fool them into giving criminals access. Today’s governments must establish and fund cybersecurity departments as mindfully as any other public safety need.

You can earn all of your continuing education credits whilst keeping updated with this, and other cybersecurity issues with our live and recorded webcasts.  Click here to view our extensive library