Atlanta City Government Hit With Crippling Ransomware Attack

Fri, 03/23/2018 - 22:25

In an unprecedented attack on the IT systems of a major municipal government, hackers are demanding ransom payable in bitcoin after seizing control of computers belonging to the Atlanta city government, AFP reports.

The ransomware assault shut down multiple internal and external applications for the city, including apps that people use to pay bills and access court-related information, Mayor Keisha Lance Bottoms told a news conference Thursday.

The attack also impacted the city's emergency-response services - forcing dispatchers answering 911 calls to take down reports with a paper and pen.

"This is a very serious situation," Bottoms said.

City officials said they learned of the attack before dawn Thursday when they detected unusual activity on their servers and discovered that some of the city's data had been encrypted without their consent.

Shortly after, the city government received a ransom note giving instructions for paying to free up files encrypted by the hackers.


The hackers - perhaps having learned from the relatively small take received during previous ransomware attacks like last year's infamous "WannaCry" global assault - are demanding the city pay a relatively modest ransom: Six bitcoins - or about $51,000.

Newsweek reports that a note provided to city officials included step-by-step instructions on how to pay. It linked to a website URL hosted on the dark web. But at a press conference led by Bottoms, officials told the public they are still assessing the extent of the attack.

"The City of Atlanta has experienced a ransomware cyberattack," confirmed chief operating officer Richard Cobbs during the briefing. "This attack has encrypted some of the city data, however we are still validating the extent of the compromise."

A statement released to the public read: "The City of Atlanta is currently experiencing outages on various internal and customer facing applications, including some applications that customers use to pay bills or access court-related information."

"At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," it added. "We are confident that our team of technology professionals will be able to restore applications soon."

Bottoms demurred when asked whether the city is contemplating paying the ransom.

On the option of paying the ransom, Bottoms said: "We can’t speak to that right now, we will be looking for guidance specifically from our federal partners on how best to navigate the best course of action. Right now, we are focused on fixing the issue."

"The explanation is simple, we don’t know the extent. I would ask that people assume you may be included if personal data has been breached. We don’t know if it's information related to just our employees or if it’s more extensive than that. Because we don’t know, I think it would be appropriate for the public to be vigilant checking their accounts and making sure credit agencies can also be notified."

The FBI warned in 2016 that victims of ransomware attacks should refrain from paying ransoms, explaining that it would not guarantee that their data would be released, and, furthermore, would only embolden criminals.

The WannaCry attack hit more than 200,000 companies, hospitals, government agencies and other organizations in 150 countries, but most of the victims opted to let their data be erased rather than pay the ransom.

The FBI and Department of Homeland Security are investigating.

WannaCry, Petya and other major ransomware attacks were carried out using NSA cyberweapons that were stolen by a group called the Shadow Brokers, who've been selling a cache of NSA weapons to whoever is willing to buy them - even launching a subscription service last year. It's unclear what type of ransomware is being used in the Atlanta attack.

Comments

philipat philipat Fri, 03/23/2018 - 22:46 Permalink

Um, backups? And there is a lot of inexpensive (and free) software to protect against this. But, of course, this is Gubmin so, yeah...

And this, of course, on top (no pun intended) of the recent ATL problems. Atlanta does seem to have more than its fair share of "issues" recently? Remind me again who runs Atlanta?

Croesus are we there yet Fri, 03/23/2018 - 23:20 Permalink

It's amazing to me, that "The People" continue to have ANY faith in government, at all.

Between the corruption, endless lying, outright criminality, and sheer ineptitude, a thinking person has to ask themselves, "How much longer, can this 'Merry-go-round of Idiocy' continue?"

At what point, does the realization suddenly hit people, that they're placing way too much trust in the wrong kinds of people?

The fact that political gridlock prevents anything meaningful from being accomplished, coupled with the aforementioned problems, is exactly the fuel that gives rise to dictatorships.

Maybe that's part of the plan.

I wonder how supportive the Libtards will be of "gun control", when those days arrive, and they realize what it all really means for them?

chumbawamba Croesus Fri, 03/23/2018 - 23:30 Permalink

$51K is a small price to pay for a hard lesson learned, certainly less than the cost of manually trying to undo the damage at this point. Pay the ransom, take it out of the IT manager's salary and put in a fucking firewall.

I am Chumbawamba.

NVTRIC Yen Cross Fri, 03/23/2018 - 23:48 Permalink

Our fire department got their server encrypted recently, dipshit firefighters logging in to the server, then surfing the web. If you knew how dumb most cops and firefighters really were, you would never fucking call 911.

We let them sweat for about 4 hours or so, then restored the server from a recent full backup. Did anyone get fired? Any policy changes? Any thanks?

HAHAHAHAHAHA.

warsev Fri, 03/23/2018 - 22:30 Permalink

If the perps could get to the data to encrypt it, they could get to it and download it, and then possibly sell it for much more than the ransom (depending on what's in it) or hold it for more ransom later. Not good for Atlanta. Decent IT security is much cheaper in the long run.

DCFusor warsev Fri, 03/23/2018 - 23:49 Permalink

What no one seems to think of or mention is that if you can get to that data, you can change it or write your own. How would most of these idiots know any different? I bet there are tons of completely successful undetected scams based on that idea - welfare or medicare or SS fraud just the most obvious and tiniest tip of the iceberg.

Who won that overpriced contract, really?

They all trust their databases....

TooBlackToFail Fri, 03/23/2018 - 22:35 Permalink

"The attack also impacted the city's emergency-response services - forcing dispatchers answering 911 calls to take down reports with a paper and pen" ... Pfff yea, if they actually answer the phone. I called 911 once in Atlanta. Got voice mail. They called me back 45 minutes later.

quesnay Fri, 03/23/2018 - 22:50 Permalink

Too bad there were just no warnings that ransomware was a thing and maybe you should ... do backups or something. Completely unforeseeable. Just one of those things. /s

Captain Nemo d… Fri, 03/23/2018 - 23:16 Permalink

A very serious situation indeed. Nothing will get done and people will realize nothing has changed for the worse.

Except, of course, emergency services, but then how difficult is it to write on a piece of paper with a pen?

Sid Davis Fri, 03/23/2018 - 23:47 Permalink

Wow, 911 call operators are having to write down the call information on paper using pens. Now they are going to need to find ones that know how to write. Good luck.

Conax Fri, 03/23/2018 - 23:52 Permalink

Mayor Keisha Bottoms, folks. I'm sure the surname is appropriate. She probably has the bottoms of at least two women in that trunk.

truthalwayswinsout Fri, 03/23/2018 - 23:52 Permalink

Let me see. The most serious penalty hackers get is having to work for the NSA.

What needs to be done is simply track them down and kill them. Every hacker can be found. Once found do not reward them nor give them due process. Simply kill them. Watch how fast hacking stops.

Watch how fast drug dealing stops when you do the same thing.