Atlanta government systems hit by ransomware
The city of Atlanta has suffered a ransomware attack on Thursday, which resulted in outages of some of its customer facing applications, including some that customers may use to pay bills or access court-related information.
The city government alerted the public about the outages on Thursday morning via Twitter, but did not say at the time what was their cause.
Later that day, Keisha Lance Bottoms, the city’s mayor, held a press conference during which she confirmed that the operation of both internal and external apps was affected by the attack, and said that the FBI, the DHS, Microsoft and the Cisco cybersecurity incident response team are helping with the investigation.
At the same press conference, Richard Cox, the new Atlanta chief operations officer, shared that the city systems have been hit with ransomware and that the malware has encrypted some of the city’s data.
He noted that they still don’t know whether the attack resulted in the compromise of personal or financial information, but advised city employees to keep a close eye on their bank accounts, just in case their financial information has been stolen and is being misused.
He said that public safety, water services and airport operations departments have not been affected, nor has the city’s payroll.
Apparently, the city got notified of the incident when the city’s security department “noticed something peculiar on the server.”
Local NBC affiliate WXIA received a screenshot from a city employee that shows the ransomware message demanding a payment in Bitcoin “of $6,800 per unit, or $51,000 to unlock the entire system.”
“One expert said based on the language used in the message, the attack resembles the ‘MSIL’ or ‘Samas’ (SAMSAM) ransomware strain that has been around since at least 2016,” the news outlet noted.
The city officials did not say whether a decision has been made on whether or not they will be paying the requested ransom.
In the meantime, city employees have been advised to unplug their computers if they notice any suspicious activity.