Atlanta’s Government is Shut Down by Ransomware
March 30th, 2018 by CHHS RAs
By CHHS Extern Tyler Babich
On March 22nd, Atlanta’s city government announced that it was the target of a cyberattack that effectively shut down most of its computers and internet-connected systems. Criminals successfully perpetrated a ransomware attack that blocked local government employees from being able to use their computers. The result was at least a week of cancelled court hearings, unavailable bill payments, and otherwise halted or slowed services that make up the usual functions of Atlanta’s government. The impact of the ransomware attack also resonated beyond Atlanta’s boundaries. A regional Federal Emergency Management Agency office and the Georgia Emergency Management Agency encouraged neighboring municipalities to block incoming emails from Atlanta’s government office accounts, due to fears that other systems could be affected. And even as the mayor’s office told city employees to try turning on their devices on Tuesday the 26th, the courts were still at a standstill and many offices were working with just pen and paper several days after the original attack. Full recovery could take months, as this strain of ransomware seems more difficult to remove than in previous attacks.
Mercifully, the attack did not halt Atlanta’s emergency services and law enforcement, nor have there been any injuries attributed to the malware. In addition, Hartsfield-Jackson Airport was not drastically affected; the free Wi-Fi was disabled, along with some other online services, in a precautionary move.
Ransomware is a form of cyberattack that locks computer data, or an entire device, behind encryption that only the attacker can undo. The perpetrator usually threatens to delete the data (or perhaps leak the data if it is private) unless a ransom is paid. The ransom is usually requested in the form of a nearly untraceable cryptocurrency. For Atlanta right now, the criminal (or criminals) who had their malware installed on city computers requested bitcoins to unlock each infected device. But the government maintains that no personal information has been threatened by this attack.
The availability of online masking tools makes identifying the perpetrator of a cyberattack very difficult. And even when law enforcement is able to identify the responsible party, practical and legal barriers to arrest and prosecution can be hard to overcome. It is possible that the forces behind this iteration of SamSam (the strain of malware infecting Atlanta’s computers) remain unnamed. Some publicly disclosed evidence links the incident to the same criminals behind a ransomware attack on Colorado’s Department of Transportation and some hospitals earlier this year. Every level of law enforcement is investigating the situation and working to help Atlanta secure its networks, as are some private companies that specialize in cybersecurity.
Regardless of the attack’s source, Atlanta now joins an unenviable club of governments and organizations that have been victims of high-profile ransomware attacks. Though the concept has been around for almost a decade, 2015 saw the first wave of ransomware attacks that captured the attention of the general public. 2017 then brought about the largest and most worrisome attack to date, when the WannaCry malware infected computers throughout the National Health Service in England, and entities in almost 100 other countries as well. But ransomware isn’t just a worry for governments or major corporations. It also poses a threat to individuals and non-profits. Oftentimes, computer forensics experts find that the malware enters because of outdated cybersecurity tools, as was the case in WannaCry. But just as often, the attack enters through ill-advised human errors, such as a rank-and-file employee opening infected emails or inserting an unknown flash drive. So whether you are a major city’s Chief Technology Officer or you just use your smartphone to watch cat videos, smart internet habits should be on your mind.
If you are unsure about your own cyber practices or need a refresher, there are a number of resources to consult. At work or school, there is likely a technology or security leader who can help. Various government offices, including the Department of Homeland Security, also have resources for all types of computer and internet users.