On Thursday, March 22nd, Atlanta, Georgia became the latest city to fall victim to ransomware attacks targeting city governments. Atlanta joins the likes of Sarasota, Florida; Englewood, Colorado; Hinesville, Georgia; Farmington, New Mexico; and Leeds, Alabama as cities that have recently been hit with ransomware attacks.
The ransomware attack on the IT systems of Atlanta’s municipal government led to the shutdown of multiple internal and external applications, including apps that people use to pay bills and access court-related information. The attack also affected the city’s emergency-response services, forcing dispatchers answering 911 calls to take down information with pen and paper. Furthermore, city employees were handed a printed notice as they walked through the doors, notifying them not to turn on their computers until the issue was resolved. While no personally identifiable information is believed to have been stolen, employees of the city were also told to monitor personal information for suspicious activity.
Investigation of the ransomware attack on Atlanta suggests that the newly popular SamSam strain was used in the cyberattack. SamSam works like all forms of ransomware, and its developers are believed to have made nearly $850,000 since December 2017, when the strain was first discovered. The current tab on Atlanta is set at $51,000, and it’s still unclear whether they plan on paying the ransom. City officials and information technology specialists are working around the clock to restore systems to normal.
What Happens When a City is Hit With Ransomware?
After Spring Hills City, Tennessee was hit by a ransomware attack in early November 2017, TemaSoft warned that cybercriminals would continue to target city governments as city servers are partially or completely shut down during or after the attack. What consequences does this have on the city?
- As we mentioned before, 911 services are severely affected by a ransomware attack. Dispatchers normally rely on real-time online maps to keep track of active police officers and medics out on call. With servers shut down, dispatchers must use stone-age measures and keep track of everything with pen and paper.
- As for the police officers themselves, they are unable to retrieve important information from the city’s servers, and their mobile data terminals normally cease functioning. This makes it much harder for law enforcement to perform their essential functions.
- As in the Atlanta ransomware attack, accounting systems and software are also affected. Online payments are disrupted or cannot be performed.
- Employees of the city all but shut down while the ransomware attack is being handled. Employees do not have access to their email accounts, cannot answer city-related requests, and cannot generate reports.
Why would a hacker target a city government? For the above reasons, exactly. Not only are thousands of employees left at a standstill at work, but the well-being of hundreds of thousands of people is at stake. While they have been advised by cybersecurity professionals not to, several cities have opted to pay the ransom in order to regain normal operations. In the case of cities and governments, one would imagine the well-being of their people is more important than regaining full access to all of their encrypted documents.
Because of the severity of damage done by ransomware attacks on cities, we don’t anticipate these attacks going away anytime soon. While we never like to see anyone get hit with ransomware attacks, we do hope that Atlanta can be a wake-up call for other very large cities that even they can be hit by ransomware attacks.