Inside the Judicial Challenges of When Ransomware Strikes a City

Earlier this year, the City of Atlanta suffered a ransomware attack on the city’s computer systems. The attack affected more than one-third of Atlanta's 424 essential programs, close to 30 percent of which were “mission critical” functions. While most of the visible damage has been remedied, the effects of the attack will be felt for a long time. Disruptions and delays were common across a wide variety of connected city services. At Hartsfield-Jackson International Airport, one of the busiest airports in the world, authorities shut down Wi-Fi service to prevent potential spread of the ransomware to thousands of phones and devices used by travelers. The effects of the attack were greater than these inconveniences, though. Some areas of the Atlanta City Government lost up to 10 years of records and documents, which cannot be recovered. The city indicated they had not found indications that citizens’ personal information was stolen or misused. It’s been estimated that it will cost an additional $9.5 million and up to $17 million in total following the initial $2 million needed to repair the damage caused by SamSam. Local governments are notoriously cash-strapped, and an unexpected $11.5 million bill creates a budget dilemma. This amount is likely a small part of the overall budget of Atlanta but unexpected costs add up quickly. This money will certainly have to come at the expense of other services or programs. As a depository of essential records, residents will continue to face challenges working with the City in their efforts to complete basic requests like permits, inspections, or anything else that was compromised. These effects could be felt for months or years to come as required records are gradually found to be no longer available. Potentially more harmful than any monetary cost to the city or nuisance for residents will be the effects on the justice system in one of the busiest court systems in the nation.

How Ransomware Affects Your Right to Justice

For most in Atlanta, the attack was a nuisance. People were forced to delay payment of a water bill or wait longer for a home construction permit, which is certainly inconvenient. For those like me, who rely on the city government daily, the attack disrupts my work as an attorney. For my clients and others, who have an expectation of efficient court proceedings, this had a serious impact. Attacks like the one Atlanta experienced can cause jail and court system shutdowns, which may jeopardize people’s freedom and legal rights, including rights to speedy trial and due process for criminal defendants and persons pending arraignment. Beyond the immediate consequences, there are real, long-term consequences to our citizens’ right to justice, such as loss of evidence, reclamation of seized property, and hearing postponements. So far, the effects on the court system have ranged from fairly minimal for some to potentially life-changing for others. Parking tickets are a major source of income for a metropolitan area the size of Atlanta, and due to the ransomware attack, drivers could not pay fines or satisfy citations in a timely manner. In addition to the delayed income for the city, the system’s downtime caused a great deal of confusion about fines, penalties and appeals: how to pay in the interim, if late fees would be assessed, and more. Some victims of crimes are unable to retrieve property that was seized as evidence. Even though cases have already concluded and the police department has been ordered to return property, they are unable to do so because of the attack. Frustrated citizens have also taken to the Municipal Court’s Facebook page, primarily angry with their inability to resolve traffic citations. Now, forced to rely on a postcard for accurate court hearing information, even Chief Judge Christopher Portis reluctantly hopes “people will read the postcards before discarding them as junk mail.” City officials have countered with “Why do you care? You’re not going to be penalized.” The lack of clarity has produced anxiety and inconvenience for residents who want a swift end to their legal matter. Others face more serious consequences than a looming traffic citation. Servers holding “years” of police dashcam footage that might have been used in DUI, police misconduct or assault case investigations has been lost. One Atlanta police department investigator, Matthew Condland, was quoted saying that the impact extends beyond lost dashcam footage: “As a result...of the cyber attack against the city, all of my files, all 105,000 files, were corrupted.” Dashcam footage is often the most crucial piece of evidence in a DUI case. Without it, the defense loses significant material evidence to substantiate their claims and avoid a permanent mark on the client’s criminal record. Carrying a DUI conviction can mean losing a job, high insurance premiums, losing driving privileges or even jail time. If dashcam footage had captured inappropriate or illegal officer conduct to be cited in a police misconduct case, that is gone now as well. Dashcam footage is important forensic evidence if the officer is involved in a collision or accused of using excessive force. Without the footage, it may be impossible to prove a client’s claims and consequently receive justice. We know for a fact that this source of evidence is gone, but are there other resources that have been compromised? What pains me as an attorney is knowing that justice in the city will continue to be negatively impacted for months or years to come as this is resolved. The attack broke the routines on which the courts depend for smooth functioning and docket management, so major delays in court processing times occurred. My clients were left to wonder what would happen next when I could not provide reliable information about their case. I personally sat down at the Municipal Court for hours waiting for information on behalf of clients. I have colleagues with multiple DUI cases who will now have to completely adjust their defense strategies. It will be difficult for me to bring any police misconduct cases to the court if there is no supporting video evidence. The Atlanta Municipal Court is one of the busiest courts in the country and the most active in the southeast region, processing 250,000 cases per year. For the past three months since the ransomware attack, the Atlanta Municipal Court has processed cases by hand with pen and paper. Municipal courts across the country are already notorious for being overworked and slow to deliver justice. This attack further impacted our right as citizens for a speedy trial and effective due process.

In the weeks and months since the attack, it’s estimated that 46,000 cases have been postponed. Court spokeswoman Tialer Maxwell stated that 11,000 cases have been processed on paper since the attack, during a period that would normally fulfill over 57,000. The online court filing system was down, so attorneys, court officials, and citizens anxiously awaiting their day in court were left with no clarity on their cases status.

Efficient and fair justice proceedings are a core service that most people rely on a city to provide. This episode has certainly made it harder, damaging the trust between residents and the City. Without knowing more about the true scope of the damage (as of June 11, 2018, court systems are back online), it’s very hard to estimate the how big the damage is and for long we will feel the attack’s effects.

Preventative Cybersecurity is Critical

Ransomware had a big year in 2017, and it hasn’t slowed down. In the case of the Atlanta ransomware attack, the hackers demanded around $51,000 in Bitcoin in return for restoring the city’s computer systems. Unfortunately, it is likely that we will continue to see an increase in ransomware attacks in the United States as people’s use of smartphones and connected devices grow. The increased use of BYOD (bring your own device) policies at businesses also add to the risk. If one employee experiences a cybersecurity breach, they can unwittingly spread the malware throughout their company when they take their device to work. However, being aware of the current and future risks ransomware poses will go a long way towards helping mitigate the issue. Like many other cities who have been targeted, Atlanta is an example of how an attack creates short and long-term challenges to providing basic and essential services to residents. With many city governments already carrying the reputation as slow and overburdened, additional complexities and challenges will have unfavorable consequences for residents. This predicament makes cybersecurity for local governments a critical concern. Cybersecurity breaches expose businesses’ and residents’ personal and financial information. In a worst-case scenario, a government hack could interrupt first responder and urgent care services and cause loss of life and personal property. Although a cyberattack may be less dramatic than a physical attack, its’ effects are potentially more damaging in the long-run.

What Can Governments Do Now to Prevent Attacks?

Aside from any technical measures that governments should take, an important step would be to raise awareness around the potential damages of an attack with the stakeholders of the City. People like myself, an attorney who utilizes city functions daily, should be made aware of the risks and pushed to challenge their governments to take action. City governments often make an easy punching bag, but they are reflections of their residents. We, as communities need to do our part to help ensure that cities are in the best position possible to continue to deliver services. This includes changing our thinking beyond the immediate and advocating for preventative cybersecurity in local government. Regardless of the current state of your computer systems, there are some simple steps that can reinforce control over a city’s critical systems.

1. Maintain computer systems in good condition using reputable and licensed software.
2. Use good antivirus protection and update it regularly.
3. Run security scans as recommended or even more often.
4. Have a disaster recovery plan in place.
5. Maintain backups with minimal latency, allowing you to get back up and running in a matter of minutes by rebooting from backups and continuing operations.

Employee education is one of the best defenses against ransomware attacks. Make sure your staff is familiar with good IT security practices. Ensure they observe security procedures, perform regular maintenance, and report any unusual situations. Employees must also avoid creating risks such as bringing in non-approved devices into contact with equipment in restricted areas. One risk that occurs more often in governmental agencies than in the business world is legacy systems. Many federal agencies have older systems that no longer get vigorous manufacturer surveillance, patches, and updates. This is true for local governments, as well. Additional funding at the local, state, and federal level to modernize is a smart investment and insurance policy against the larger costs of an attack. Hopefully, this is a cautionary tale, and others are able to take the actions that will protect them from a similar outcome. Local governments who don’t take the time to prepare staff now and suffer an attack will likely face frustrated residents for months and years to come.  

Image

About the Author: Maha Amircani is an attorney in Atlanta, Georgia, and founder of Amircani Law. A Georgia native born to immigrant parents from Egypt, Maha, represents clients in city, state and federal court litigation, as well as administrative proceedings. Her practice specializes in the areas of personal injury, criminal defense and real estate closings. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.