Atlanta city hit by ransomware attack that locked down internal systems

City of Atlanta computers held hostage in ransomware attack

City officials confirm that Atlanta is dealing with a cyberattack that has locked down some internal systems and is holding them hostage using ransomware.

City officials confirm that Atlanta is dealing with a cyberattack that has locked down some internal systems and is holding them hostage using ransomware.

UPDATE (April 4): Fox reports that some of the city’s systems have resumed normal operation, including online payments for parking tickets. Other systems remain unavailable, however. Meanwhile, the airport’s wi-fi network is also up and running again after it was taken down as a precaution.

UPDATE (March 28): A statement by the Atlanta mayor’s office on Tuesday, March 27, reveals that employees were told that they could begin to turn their computers and printers back on in a move that is part of an ongoing assessment of the attack’s impacts. That said, systems that enable residents to pay their water bills or parking tickets online remain unavailable, according to a CNN report. Also, police officers continue to do some of their paperwork by hand while some court proceedings have been cancelled. Meanwhile, it has been reported that the attack bears the hallmarks of SamSam ransomware.

UPDATE (March 23): As of Friday afternoon EDT, the extent of the damage remains unclear. The Atlanta Journal-Constitution reported that Atlanta City Hall employees, when coming to work on Friday, were receiving printed instructions that, as a precaution, they should not use their computers. Hartsfield-Jackson Atlanta International Airport is playing it safe, too, in order to ensure that it remains unaffected. The world’s busiest airport has shut down its free wi-fi network and disabled some of its website’s functionalities.

The City of Atlanta’s computer network has fallen victim to a ransomware attack that has encrypted some of the city’s data, mayor Keisha Lance Bottoms announced at a press briefing on Thursday.

While the full extent of the compromise is still under investigation, the attack is known to have cut off some of the city’s online services, including “various internal and customer-facing applications” used to pay bills or access court-related information.

In addition, the mayor encouraged the city’s employees and anyone who had conducted transactions with the city to keep tabs on their bank accounts in case their personal information may have been misused.

New Atlanta Chief Operating Officer Richard Cox, who only started in the role this week, said that several departments have been affected. The departments responsible for public safety, water and airport services are operating as normal, however.

Local news channel WXIA showed a screenshot of an alleged ransom message that had been shared by a city employee. The note demands 0.8 bitcoin (roughly $6,800) per computer or 6 bitcoin ($50,000) for keys to unlock the entire system.

 

Figure: The announcement of the outages early on Thursday (source: Twitter)

The city learned of the attack at around 5:40 am local time on Thursday, when its IT security team noticed “something that looked peculiar” on a server and began investigating, the city’s acting Chief Information Officer Daphne Rackley was quoted as saying.

As for whether the city would pay the ransom, the mayor said that the city would seek guidance from federal authorities on how to “navigate the best course of action”.

Discussion