A huge ransomware attack hit the city of Atlanta last week and officials are scrambling to get their systems back up and running. This has meant that many city employees have been operating with pen and paper after being told to turn off their computers. The mayor of Atlanta, Keisha Lance Bottoms, issued a statement today giving an update on the city's recovery process from the SamSam ransomware attack.
“It is expected that some computers will operate as usual and employees will return to normal use. It is also expected that some computers may be affected or affected in some way and employees will continue using manual or alternative processes. This is part of the City’s ongoing assessment as part of the restoration and recovery process.”
The city is working around the clock with industry representatives, security firms, and government agencies to help restore their systems. At this time, it appears that no customer or employee data was compromised although Atlanta is urging residents and employees to monitor their personal information. They will be offering city employees additional protection resources if needed.
The attackers have demanded the city pays 6 bitcoin as a decryption ransom or else all of their computers will be wiped. That payment window elapsed Wednesday.
A local news station shared the ransom note which resulted in lots of spam being sent to the hackers. It's not clear if the city made any payment, especially since the hackers took down the payment portal because they were receiving too much spam.
An audit of Atlanta's computer security systems showed they were vulnerable to such an attack but had no formal process for managing the risk. Despite being warned months ago, Atlanta did not take proper steps to protect themselves. As a result, the municipal court can't hear cases, residents can't pay online bills, and police officers can't write reports or book inmates electronically. Thankfully though, no critical systems like EMS or utilities were affected.