City of Atlanta Spends Nearly $2.7M on Ransomware Attack Recovery


The Atlanta government has spent approximately $2.7 million to address last month's ransomware attack that affected multiple applications and client devices, according to the city's Department of Procurement. Cybercriminals had demanded a ransom of about $50,000 in bitcoin to decrypt the Atlanta government's systems.

Eight emergency contracts related to the Atlanta ransomware attack were awarded between March 22 and April 2, the city's Department of Procurement reported. These contracts accounted for expenditures related to incident response and digital forensics, Microsoft Cloud infrastructure expertise and various ransomware attack response efforts. It sounds like two Top 100 MSSPs -- namely, Secureworks and EY -- have been heavily involved in the recovery processes.

Atlanta Ransomware Attack: Here's What You Need to Know

Atlanta Mayor Keisha Lance Bottoms

The City of Atlanta experienced a ransomware attack on March 22. As a result, some city data was encrypted, and customers were not able to access city applications.

Atlanta officials have not found any evidence that indicates sensitive employee or public data was compromised due to the ransomware attack, Mayor Keisha Lance Bottoms told The Atlanta Journal Constitution. However, Bottoms has urged Atlanta employees and residents to monitor their accounts and credit activity.

In addition, Atlanta officials are working with numerous private and governmental partners, including the U.S. Department of Homeland Security (DHS) and U.S. Secret Service. Atlanta officials also have hired Mike Cote, CEO of MSSP Secureworks, to investigate the ransomware attack and created a cyberattack response team.

Are There Benefits to Paying a Cyber Ransom?

The City of Atlanta has already paid more in its cyberattack recovery efforts than it would have been required to pay based on the initial ransom demanded by cybercriminals. Yet not all ransomware attacks are created equal, and as such, there is no surefire way to determine whether it is better to refuse to pay a cyber ransom or comply with cybercriminals' demands.

Cybercriminals sometimes fail to decrypt files or return them to affected users after an organization pays a cyber ransom. In fact, a survey of 1,200 IT security professionals conducted by market research firm CyberEdge Group revealed only 19 percent of ransomware victims who pay a cyber ransom get their files back.

Organizations also should note that cybercriminals may demand additional funds after an organization complies with a cyber ransom request. Likewise, there is no guarantee that either paying a cyber ransom or refusing to comply with a ransom request will stop cybercriminals from launching future attacks.

MSSPs can help organizations minimize the impact of ransomware attacks. These service providers can deliver endpoint protection and other security services to help organizations identify ransomware attacks and other cyber threats. Also, MSSPs can provide backup and recovery services to help organizations retrieve sensitive information that has been compromised due to a cyberattack.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.