It has been nearly two weeks since the City of Atlanta’s municipal government was hit with a crippling ransomware attack that wiped millions of government files and left the city’s police and first responders relying on paper record-keeping.
So far, the city has made almost no progress in recovering its files. Police still don’t have access to vital databases and investigative files. The town’s auditor says the city’s books have been destroyed, aside from whatever’s left in the paper record. And top city officials are scrambling through a holiday weekend to piece together bits of city projects from personal computers and email addresses that weren’t affected by the hack. Almost every government department was affected, though fortunately 10 of the 18 machines in the city auditor’s office somehow avoided the hack.
“Our data management teams are working diligently to restore normal operations and functionalities to these systems and hope to be back online in the very near future,” said Carlos Campos, a spokesman for the Atlanta PD. Campos said that some officers have returned to filing digital reports.
City officials (with an assist from the FBI) are trying to work through the hack. But if they don’t find a way to recover at least some of the corrupted files soon, officials might be forced to pay the $51,000 ransom that the hackers are demanding (the FBI typically discourages the victims of these attacks from paying the ransom).
The ransomware affecting Atlanta, a strain called SamSam, inserted cheeky messages into the corrupted files, with the corrupted documents displaying filenames like “imsorry” and “weapologize”.
The city’s courts and its water department have been hobbled by the hack, Reuters said.
In recent years, ransomware attacks have become exponentially more sophisticated. Whereas they once targeted individual computers, hackers staged global attacks like “WannaCry” and “Petya” a year ago. They’ve rendered hospitals incapable of accepting patients and forced first responders to operate without access to computers.
And in another worrisome sign, city officials haven’t disclosed the extent to which the hackers affected the city’s backed-up files. Perhaps this is why city officials have refused to comment on whether they’re considering paying the ransom – though, according to Reuters, they haven’t paid it yet.
Mayor Keisha Lance Bottoms, who took office in January, has declined to say if the city paid the ransom ahead of a March 28 deadline mentioned in an extortion note whose image was released by a local television station.
Municipal governments are particularly vulnerable to ransomware attacks because their computer networks typically comprise a patchwork of different systems with varying levels of security.
Ironically, the city completed a cybersecurity audit in January, and was in the process of implementing its recommendations when the attackers struck.
Mark Weatherford, a former senior DHS cyber official, told Reuters that hackers typically walk away when the ransom isn’t paid.
He added that the situation could’ve been resolved quickly if the city had just paid the ransom.
“The longer it goes, the worse it gets,” he said.
“This could turn out to be really bad if they never get their data back.”
Atlanta has nearly half a million residents – but 6 million people live in the Atlanta metropolitan area.