Atlanta Struggles To Get Back Online After Ransomware Attack


City officials in Atlanta are working to clean up the remnants of a ransomware attack that hit the city late last week. Major city systems including emergency response and 311 are fully operational, but Atlanta Mayor Keisha Lance Bottoms told city residents and anyone who has done business with the city recently to monitor their personal information closely.

The attack is currently being investigated by the Department of Homeland Security, FBI and Secret Service. Mayor Bottoms also told reporters that the city is working with response teams from their technology providers including Cisco and Microsoft.

Ransomware started hitting city systems on March 22. Hackers demanded $51,000 in Bitcoin in order to stop the attacks. A city employee sent a screenshot of the demand to a local news outlet – WXIA, which included both a pay-per-computer option and a one-time payout to restore all systems. City officials have declined to comment on whether or not they paid the ransom.

In the interim, the city has altered some of its processes on impacted systems. Water payments are not yet being processed. Tickets and court appearances are being handled manually. Some court appearances are being rescheduled and the city has said it will not issue any failure to appear notices until all of the confusion can be worked out. As of Monday afternoon, the city was tweeting out individual notes about each city system and whether or not it had been compromised.

CSO Online is reporting that the ransomware used in the attack was SamSam and that the city of Atlanta had multiple access points for its attack. The group behind SamSam is believed to have made approximately $850,000 since the program was created.

Ransomware has been a problematic issue for cities. San Francisco lost use of its mass transit ticketing system as the result of a ransomware attack in 2016. Systems in Colorado and North Carolina have also been subject to ransomware this year. Recovery times can take anywhere from days to months based on the sophistication of the attacks.