How Ransomware Affects Your Right to JusticeFor most in Atlanta, the attack was a nuisance. People were forced to delay payment of a water bill or wait longer for a home construction permit, which is certainly inconvenient. For those like me, who rely on the city government daily, the attack disrupts my work as an attorney. For my clients and others, who have an expectation of efficient court proceedings, this had a serious impact. Attacks like the one Atlanta experienced can cause jail and court system shutdowns, which may jeopardize people’s freedom and legal rights, including rights to speedy trial and due process for criminal defendants and persons pending arraignment. Beyond the immediate consequences, there are real, long-term consequences to our citizens’ right to justice, such as loss of evidence, reclamation of seized property, and hearing postponements. So far, the effects on the court system have ranged from fairly minimal for some to potentially life-changing for others. Parking tickets are a major source of income for a metropolitan area the size of Atlanta, and due to the ransomware attack, drivers could not pay fines or satisfy citations in a timely manner. In addition to the delayed income for the city, the system’s downtime caused a great deal of confusion about fines, penalties and appeals: how to pay in the interim, if late fees would be assessed, and more. Some victims of crimes are unable to retrieve property that was seized as evidence. Even though cases have already concluded and the police department has been ordered to return property, they are unable to do so because of the attack. Frustrated citizens have also taken to the Municipal Court’s Facebook page, primarily angry with their inability to resolve traffic citations. Now, forced to rely on a postcard for accurate court hearing information, even Chief Judge Christopher Portis reluctantly hopes “people will read the postcards before discarding them as junk mail.” City officials have countered with “Why do you care? You’re not going to be penalized.” The lack of clarity has produced anxiety and inconvenience for residents who want a swift end to their legal matter. Others face more serious consequences than a looming traffic citation. Servers holding “years” of police dashcam footage that might have been used in DUI, police misconduct or assault case investigations has been lost. One Atlanta police department investigator, Matthew Condland, was quoted saying that the impact extends beyond lost dashcam footage: “As a result...of the cyber attack against the city, all of my files, all 105,000 files, were corrupted.” Dashcam footage is often the most crucial piece of evidence in a DUI case. Without it, the defense loses significant material evidence to substantiate their claims and avoid a permanent mark on the client’s criminal record. Carrying a DUI conviction can mean losing a job, high insurance premiums, losing driving privileges or even jail time. If dashcam footage had captured inappropriate or illegal officer conduct to be cited in a police misconduct case, that is gone now as well. Dashcam footage is important forensic evidence if the officer is involved in a collision or accused of using excessive force. Without the footage, it may be impossible to prove a client’s claims and consequently receive justice. We know for a fact that this source of evidence is gone, but are there other resources that have been compromised? What pains me as an attorney is knowing that justice in the city will continue to be negatively impacted for months or years to come as this is resolved. The attack broke the routines on which the courts depend for smooth functioning and docket management, so major delays in court processing times occurred. My clients were left to wonder what would happen next when I could not provide reliable information about their case. I personally sat down at the Municipal Court for hours waiting for information on behalf of clients. I have colleagues with multiple DUI cases who will now have to completely adjust their defense strategies. It will be difficult for me to bring any police misconduct cases to the court if there is no supporting video evidence. The Atlanta Municipal Court is one of the busiest courts in the country and the most active in the southeast region, processing 250,000 cases per year. For the past three months since the ransomware attack, the Atlanta Municipal Court has processed cases by hand with pen and paper. Municipal courts across the country are already notorious for being overworked and slow to deliver justice. This attack further impacted our right as citizens for a speedy trial and effective due process.
In the weeks and months since the attack, it’s estimated that 46,000 cases have been postponed. Court spokeswoman Tialer Maxwell stated that 11,000 cases have been processed on paper since the attack, during a period that would normally fulfill over 57,000. The online court filing system was down, so attorneys, court officials, and citizens anxiously awaiting their day in court were left with no clarity on their cases status.Efficient and fair justice proceedings are a core service that most people rely on a city to provide. This episode has certainly made it harder, damaging the trust between residents and the City. Without knowing more about the true scope of the damage (as of June 11, 2018, court systems are back online), it’s very hard to estimate the how big the damage is and for long we will feel the attack’s effects.
Preventative Cybersecurity is CriticalRansomware had a big year in 2017, and it hasn’t slowed down. In the case of the Atlanta ransomware attack, the hackers demanded around $51,000 in Bitcoin in return for restoring the city’s computer systems. Unfortunately, it is likely that we will continue to see an increase in ransomware attacks in the United States as people’s use of smartphones and connected devices grow. The increased use of BYOD (bring your own device) policies at businesses also add to the risk. If one employee experiences a cybersecurity breach, they can unwittingly spread the malware throughout their company when they take their device to work. However, being aware of the current and future risks ransomware poses will go a long way towards helping mitigate the issue. Like many other cities who have been targeted, Atlanta is an example of how an attack creates short and long-term challenges to providing basic and essential services to residents. With many city governments already carrying the reputation as slow and overburdened, additional complexities and challenges will have unfavorable consequences for residents. This predicament makes cybersecurity for local governments a critical concern. Cybersecurity breaches expose businesses’ and residents’ personal and financial information. In a worst-case scenario, a government hack could interrupt first responder and urgent care services and cause loss of life and personal property. Although a cyberattack may be less dramatic than a physical attack, its’ effects are potentially more damaging in the long-run.
What Can Governments Do Now to Prevent Attacks?Aside from any technical measures that governments should take, an important step would be to raise awareness around the potential damages of an attack with the stakeholders of the City. People like myself, an attorney who utilizes city functions daily, should be made aware of the risks and pushed to challenge their governments to take action. City governments often make an easy punching bag, but they are reflections of their residents. We, as communities need to do our part to help ensure that cities are in the best position possible to continue to deliver services. This includes changing our thinking beyond the immediate and advocating for preventative cybersecurity in local government. Regardless of the current state of your computer systems, there are some simple steps that can reinforce control over a city’s critical systems.
- Maintain computer systems in good condition using reputable and licensed software.
- Use good antivirus protection and update it regularly.
- Run security scans as recommended or even more often.
- Have a disaster recovery plan in place.
- Maintain backups with minimal latency, allowing you to get back up and running in a matter of minutes by rebooting from backups and continuing operations.