The city of Atlanta, Georgia is working with Secureworks, the FBI, the Department of Homeland Security and the U.S. Secret Service to recover from the ransomware attack discovered on March 21st of this year. Ransomware is a malware program in which the data on a victim’s computer is locked, typically by encryption, and payment is demanded before the ransomed data is decrypted and access returned to the victim. In Atlanta, hackers from the SamSam hacking group encrypted many of the city government’s vital data and computer systems, shutting down municipal courts and preventing residents from paying bills online. They demanded that officials pay a ransom of $51,000 to be sent to a bitcoin wallet – which the city has not paid.
“Ransomware is one of the easiest ways to monetize a successful breach of security, and as such it continues to be favored by many hackers,” said Eytan Segal, principal product manager at Check Point. “This recent breach of the Atlanta local government is a good example of how devastating and frustrating these attacks can be when they succeed.”
Atlanta’s Department of Information Management stated that it has found no evidence that customer or employee data was compromised, but encouraged everyone to take precautionary measures, including the monitoring of personal accounts and protecting personal information. The city’s IT department has done its due diligence in backing up critical data, and many of Atlanta’s critical services have been moved to the cloud. In addition, the city’s networks have been segmented from other systems, keeping public safety systems and the Atlanta Hartsfield Airport from being affected by this attack.
“Every city and government organization should assume they’re a target,” warned Raj Rajamani, vice president of product management at SentinelOne. “Attacks like the one in Atlanta are about more than just criminal payouts — they’re paralyzing attacks that can bring a city to its knees, as we’re seeing.”