Another day, another ransomware attack...
The American city of Atlanta, Georgia, has suffered a major ransomware attack, which is said to be affecting some of its services and potentially jeopardising the personal data of citizens, staff and other related parties.
In a press conference on Thursday afternoon, the city's mayor, Keisha Lance Bottoms, admitted, "We don't know the extent of the attack." However, Atlanta COO Richard Cox, who was appointed less than ten days ago, assured the public that city payroll was not affected, and neither were public safety, water or airport departments.
The City of Atlanta is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information. We will post any updates as we receive them. pic.twitter.com/kc51rojhBl
— City of Atlanta, GA (@CityofAtlanta) March 22, 2018
Nevertheless, the hack has impacted systems that allow customers to pay bills and to access court-related data, as well as other internal and customer-facing applications. And the mayor went as far as to say that possibly anyone who's ever done business with the city could be at risk, and that they should check their bank accounts.
According to news site 11Alive, a city employee sent it a screen shot, showing a ransom demand of $6,700 per unit or $51,00 to unlock the whole system - to be paid in bitcoin, of course. Whether or not that will be paid remains to be seen, but chief information officer Daphne Rackley stated that the city had cloud solutions in place and spoke of a possible workaround that would remedy the situation. She held off from saying anything specific about what these solutions might be, but we'd guess there are backups that haven't been affected by the hack.
Right now, the city is working with the FBI, Homeland Security and other federal agencies to get the situation under control, but no timeline has been given for when it might all be fixed.
What Lessons Can We Learn From This?
Although this is all happening in the USA, far away from our own shores, it should serve as a reminder to us all. Ransomware attacks, though less common than in previous years, are still a reality, and they're still just as damaging as ever, stopping services and demanding huge sums of money.
More positive, though, is that businesses and other organisations have grown more aware of the dangers of ransomware, and they're more likely to be prepared for it. If the contingency plans that Bottoms, Cox and Rackley hinted at turn out to be effective at restoring Atlanta's IT systems, then it will prove that suffering a cyber security breach, while disruptive, doesn't to be an unrecoverable disaster.
What will be interesting is if and when the subsequent investigation into this hack discovers how it happened. Did an employee open a booby-trapped attachment? Did someone visit a website they shouldn't have? Or was this a targeted attack, aimed specifically at government departments in Atlanta?