Content, Americas, Ransomware

Atlanta Ransomware Attack Update: City Refuses Cyber Kidnappers Demands, Still Assessing Damage


As of Monday morning, a ransomware attack that hit Atlanta’s network infrastructure late last week, crippling some municipal offices and customer-facing applications, is still plaguing the city. Officials have thus far refused to pay the extortionists’ $50,000 demand to restore the damaged systems.

Background: Early last Thursday morning (March 22, 2018), cyber kidnappers demanded roughly $50,000 in bitcoin to decrypt a number systems the crooks had rendered inaccessible. As far as anyone can tell, Atlanta’s airport, public safety offices, water services and the police and fire department were not infected. City employees were told Friday morning as they came to work not to turn on their computers. The FBI, the Department of Homeland Security and the Secret Service are involved in the case.

Atlanta mayor Mayor Keisha Lance Bottoms last Friday said that so far there’s no evidence that employee data has been lifted or that employee errors left cyber doors open for the attack. “Business continuity measures” are underway, she said.

Atlanta Ransomware Attack: What's Working, What's Infected

Some departments have been forced to conduct business the old school way with pen and paper. Here’s a current list of affected, not affected and partially affected services:

- The Atlanta police and fire departments and 911
- Department of Watershed Management
- Departments of Procurement, City Planning, Public Works, Parks and Recreation, Aviation, Atlanta Housing Authority

Not working online or partially operational:
- Department of Human Resources
- Department of Corrections
- Municipal Court
- ATL311

City Networks: Occasional Ransomware Victims

In general, city networks aren’t among the favorite targets of ransomware gangsters. One reason might be the refusal of some victimized cities to pay up. For example, in November, 2016, a ransomware attack took down ticket machines for San Francisco's light rail transit system on Thanksgiving weekend. Officials said at the time that they never considered paying the ransom, instead relying on their internal IT team that subsequently restored the system the next day.

And, seven months later, the city’s public television network was hit with a ransomware attack demanding $27,000 to reverse the damage. The station declined to pay, choosing the arduous task of rebuilding the affected systems.

Last December, in another incident in Georgia, a ransomware attacker disabled the state’s Department of Agriculture’s network for 11 days. In that episode, officials didn’t pay the ransom while IT security teams restored the systems.

Still, the overall rate of ransomware attacks continues to increase -- particularly in the midmarket, where 30 percent of organizations were hit in 2017.

Datto's State of Ransomware Report offers more stats specifically for the channel, along with guidance for combatting the malware.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.