Image
Mayor Keisha Lance Bottoms didn't downplay the severity of ongoing ransomware infection in a news conference. As quoted by Reuters:
News of the attack first emerged on 22 March after city officials traced "outages on various customer facing applications, including some that customers may use to pay bills or access court-related information," to a crypto-malware infection. Public safety cameras along with other critical assets like 911 emergency systems and water delivery services reportedly didn't experience any disruption as a result of the attack. The ransomware left a note informing officials that they could either unlock each affected unit for 0.8 Bitcoins ($6,800) or recover the entire system for 6 Bitcoins ($51,000). According to CBS 46, officials would then need to leave a comment on their website with the host name. The attackers would in turn reply to that comment with decryption software. Based on the language used in the note, one security expert told 11Alive that the offending program is likely a variant of SamSam. This family of ransomware is responsible for two separate attacks that targeted Colorado's Department of Transportation (CDOT) in late-February/early-March. https://twitter.com/ATLPublicWorks/status/977605490573217792 As of this writing, Atlanta is still in the process of recovering from the attack. It has learned the identity of the attackers and determined that they infiltrated the city's systems remotely. However, it has declined to elaborate on that finding and has not indicated whether it will ultimately pay the ransom demand. The municipality continues to investigate the incident with the help of the FBI, U.S. Department of Homeland Security, Cisco security experts and Microsoft.This is much bigger than a ransomware attack, this really is an attack on our government. We are dealing with a (cyber) hostage situation.
