The Atlanta ransomware attack left online services in America's ninth-largest metropolitan area, and its fourth-largest concentration of tech jobs, disabled.
On Thursday, March 22nd, 2018, Atlanta, the most populous city in the state of Georgia, came under cyberattack. The Atlanta ransomware attack unfolded in the early hours of the morning and disrupted many of the city's online systems. City data was encrypted, and multiple public-facing and internal applications and devices became inaccessible.
The attack primarily hit the city's utility and municipal court systems, rendering these and other applications used by residents and city employees inaccessible. It also reached Hartsfield–Jackson Atlanta International Airport, one of the world's busiest airline hubs, where the Wi-Fi system was taken offline.
The Atlanta ransomware attack is attributed to the SamSam family of crypto-ransomware. SamSam is regarded as a comparatively sophisticated variant, with an organized approach to infiltrating and spreading through vulnerable servers and directories. Unlike most ransomware, it forgoes common propagation vectors such as mass email campaigns; instead its operators deploy it deliberately inside a network they have already compromised, using tooling bundled in its batch files to locate and encrypt data.
The Atlanta Ransomware Attack isn’t the First of its Kind
The servers of other government and private institutions have fallen victim to ransomware attacks in the past as well. By encrypting an organization's sensitive data and files, attackers gain leverage and can demand a ransom, to be paid within a specified time limit. Bitcoin is the payment medium of choice because it makes the perpetrators hard to identify, although it is pseudonymous rather than truly anonymous, and its transactions remain publicly traceable. Security experts investigating the Atlanta ransomware attack have linked it to a group notorious for using the same techniques against other unsuspecting victims. Since 2015, the group behind these attacks is believed to have amassed roughly $850,000 in ransom payments.
In Atlanta's case, the attackers demanded six (6) bitcoin, worth roughly $51,000 at the time, in exchange for restoring access to the encrypted databases and files. They set up a payment portal with a countdown clock, which was taken down before its deadline. The attackers cited spam as the reason for the portal's disappearance, but it remains unclear whether the ransom will be paid, or whether it already has been. Atlanta's newly elected mayor, Keisha Lance Bottoms, said that at one point all options were on the table.
Recovering from the Atlanta Ransomware Attack
Dealing with the effects of ransomware is no easy feat, particularly as governments become more reliant on software. Paying the ransom may not play out well politically either: it runs counter to FBI guidance, and Bottoms, who was elected in late 2017 after a bitter run-off campaign, has worked hard to distance herself from the city's bribery and corruption investigation.
The city of Atlanta has assembled an incident response team for the Atlanta ransomware attack, comprising members of governmental and private organizations, including officials from the Federal Bureau of Investigation, the Secret Service and the Department of Homeland Security. The city also engaged SecureWorks, a private information security firm, to investigate. SecureWorks reported that it had completed its investigation of the incident and was transitioning to the recovery phase.
An estimated 8,000 city employees were affected by the attack. Even after eight (8) days, some were still working with pen and paper, and only a handful had regained access to email. The full extent of the damage inflicted by the Atlanta ransomware attack remains unclear. No evidence of sabotage or misuse of personal data has been reported, but residents have still been advised to take appropriate precautions to protect their sensitive information.