Atlanta Dealing With Issues Big & Small After Latest Ransomware Attack

April 09, 2018 by Alex Collins, IT Services Consultant

Atlanta just can't catch a break.

After a crippling overpass collapse in April of last year and a fire at the Hartsfield-Jackson Atlanta International Airport in December, the city suffered another kick in the stomach with a ransomware attack on March 22nd – one the New York Times labeled “one of the most sustained and consequential cyberattacks ever mounted against a major American city.”

The cyberattack encrypted a significant chunk of Atlanta’s municipal government computer systems, demanding six bitcoin (about $51,000) in exchange for the key to unlock the data. SamSam – the hacker group behind the attack – chooses its targets well. Since 2015, its high-value targets have netted the group a bitcoin-denominated take totaling over $850,000.

All told, SamSam's attack locked up computer systems for many of Atlanta's 8,000 municipal employees – and a wide variety of services for metropolitan Atlanta's 6 million residents. “We are dealing with a hostage situation,” Atlanta Mayor Keisha Lance Bottoms grimly announced.

Impact of the Atlanta Ransomware Attack

Unlike most ransomware attacks on private businesses, the effects of the Atlanta cyberattack rippled far beyond the building. Here are a few areas where headaches outnumbered solutions:

Atlanta Police: homicide cases locked up. For a week after the attack, Atlanta Police detectives were not allowed to turn on their computers, and when they did, they only found a sarcastic SamSam message waiting.

The encrypted police files affect the ongoing prosecution of cases, putting many investigations on hold until IT managers unlock the case management system.

Luckily, most other law enforcement systems were not affected. According to Atlanta Police Chief Erika Shields, the emergency response and dispatch systems were still running, but “officers had reverted to writing reports on paper out of an abundance of caution.”

Mayor Bottoms saw the humor in the situation: “For some of our younger employees, it will be a nice exercise in good penmanship,” she said.

Court system: ground to a halt. Atlanta's municipal court system was hit hard by the attack. Tickets, warrants, and inmate processing had to be done by hand, increasing the backlog for ordinary citizens waiting for a court date.

Court proceedings for litigants not in police custody had to be canceled until the computer system was brought back online. The courts suspended failure-to-appear warrants for affected citizens, and rescheduled several court appearances without penalty.

City's online services: shut down. For a week after the attack, Atlanta residents could not pay water bills or report issues online. Some services were only available to walk-in customers, including zoning inspection requests, new water service requests, and water-meter renewals.

With so many computers in city hall affected by the cyberattack, personnel have had to share online resources. Reuters reported that three city council staffers were sharing a single laptop after the attack; as councilman Howard Shook put it, “it’s extraordinarily frustrating.”

Airport Wi-Fi: 404'd. As part of a series of security measures taken by the municipal government, the Hartsfield-Jackson International Airport shut down parts of its website and turned off its Wi-Fi network. The measure inconvenienced travelers looking for flight information and security wait times.

Unlike Atlanta's court system, the airport infrastructure was not affected by the attack in any way, but, as their spokesman Reese McCranie put it, “we don't want to open up the airport to any possible cyberattack.” For a week after the attack, passengers had to check with their airlines for the information they needed.

Why Cities are Vulnerable to Ransomware

Public entities like Atlanta are unusually vulnerable to ransomware and other targeted attacks. Atlanta's wasn't the first ransomware attack to hit home, and certainly won't be the last.

A November 2016 ransomware attack on San Francisco's Municipal Transportation Agency took down the Muni's ticketing systems, forcing the city to allow riders in for free until the problem could be fixed. An April 2017 hack on Dallas' city warning system had over 150 emergency sirens blaring into the wee hours. And in November 2017, Sacramento's regional transit system suffered a cyberattack that crippled internal servers.

Hackers know that government offices tend not to spend lavishly on their IT departments: stakeholders prefer that they prioritize public works over protecting their systems from attack.

Atlanta was not entirely ignorant of its IT problems: in 2015, the city began the process of ISO 27001 certification, including commissioning an audit to review its security procedures. A report issued in January exposed a number of glaring gaps that put the city's IT security at risk – among other things, about a hundred servers were running obsolete versions of Windows software!

Preventing Ransomware from Holding You Hostage

As more hacker collectives shift from extorting vulnerable individuals to squeezing larger, meatier targets, ask yourself this: what are you doing to keep your company from getting in a hacker’s crosshairs?

If your business lacks the expertise and resources to deal with ransomware threats, All Covered can meet the shortfall by delivering the proactive monitoring of a managed service provider (MSP) with the prevention and protection of a managed security services provider (MSSP).

Find out how All Covered's comprehensive experience can help keep ransomware at bay – and keep your data out of a far-reaching hostage situation like Atlanta's. Start by downloading our ebook on handling ransomware, and learn more about what you can do to prevent ransomware attacks.