The city of Atlanta is struggling to recover from a ransomware infection days after the initial attack targeted its computer network.
As of 26 March, the municipality was still struggling to collect customers’ online payments for bills and fees. Such disruption continues to plague the State of Georgia’s capital city at a time when Atlanta is busy hosting games for the National Basketball Association’s annual March Madness tournament, among other events.
Mayor Keisha Lance Bottoms didn’t downplay the severity of the ongoing ransomware infection in a news conference. As quoted by Reuters:
“This is much bigger than a ransomware attack, this really is an attack on our government. We are dealing with a (cyber) hostage situation.”
News of the attack first emerged on 22 March after city officials traced “outages on various customer facing applications, including some that customers may use to pay bills or access court-related information,” to a crypto-malware infection.
Public safety cameras along with other critical assets like 911 emergency systems and water delivery services reportedly didn’t experience any disruption as a result of the attack.
The ransomware left a note informing officials that they could either unlock each affected unit for 0.8 Bitcoins ($6,800) or recover the entire system for 6 Bitcoins ($51,000). According to CBS 46, officials would then need to leave a comment containing the host name on the attackers’ website. The attackers would in turn reply to that comment with decryption software.
Based on the language used in the note, one security expert told 11Alive that the offending program is likely a variant of SamSam. This family of ransomware is responsible for two separate attacks that targeted Colorado’s Department of Transportation (CDOT) in late February and early March.
As @Cityofatlanta officials & federal partners continue working around the clock to resolve issues related to the ransomware cyber attack launched against the City, solid waste & other DPW operations are not impacted.
— ATLPublicWorks (@ATLPublicWorks) March 24, 2018
As of this writing, Atlanta is still in the process of recovering from the attack. It has learned the identity of the attackers and determined that they infiltrated the city’s systems remotely. However, it has declined to elaborate on that finding and has not indicated whether it will ultimately pay the ransom demand.
The municipality continues to investigate the incident with the help of the FBI, U.S. Department of Homeland Security, Cisco security experts and Microsoft.