The City of Atlanta computer systems were hit by a ransomware cyber attack early Thursday morning. This attack has caused an “application outage” on various internal and external systems, including systems for bill pay and court information. So what is a ransomware attack, and how does this affect the residents of Atlanta?
What is Ransomware?
A ransomware attack encrypts data on a system, asking users to pay a ransom to receive a key to decrypt the data. As long as the data is encrypted, it is inaccessible to the user. However, paying the ransom doesn’t guarantee that the user will be sent a working key. This creates a huge impact because this isn’t just the data on a personal or small business system, but a city-wide infrastructure.
This attack is currently being investigated by the FBI and United States Department of Homeland Security, with the Secret Service providing guidance as well. Incident Response Teams from Microsoft and Cisco Systems are also on site to investigate and determine the scope of the attack.
The City’s Response
In a press conference shortly before 5PM, Richard Cox, Atlanta COO, stated that everyone should take proper actions to protect their personal data. Employees should monitor and protect personal information, such as online banking and bill pay details. When asked about payroll, Cox said that city employees would still be paid on schedule.
Daphne Rackley, Atlanta CIO, answered several questions about the breach. When asked if this means that security practices weren’t followed, she stated that they have taken issues to mitigate issues in the past, and implemented a “cloud-first” strategy, moving critical data to the cloud to prevent these types of issues. With this said, the question now becomes, why did it still happen?
On top of the impact to city employees, officials are urging members of the public who have had any dealings with the city to also monitor their bank accounts and credit information for possible exposure.
Atlanta court systems will be open tomorrow; however, all of the court systems are currently still experiencing outage issues.
Rackley continued to say that Atlanta has not experienced any similar attack in the past and refused to answer the question of whether or not the city would pay the ransom. She stated that the investigation is still in the first tier, and they’re still trying to figure out the course of action, how to recover the data, and how far the issue goes.
Response to the Press Conference
After the conference, Rashad Richey PhD, political analyst from CBS 46 stated that his sources at City Hall informed him that the city knew this was possible and didn’t take the appropriate steps to mitigate such an attack. He expects to see more whistleblowers coming out in the next several days or weeks, accusing the city of ignoring possible threats. He was critical of the city’s response, saying that the press conference left more questions than answers for Atlanta residents who’s information may have been affected.
Attacks such as this are what Phoenix Security Labs aims to prevent for our clients. Look at our service offerings, and see what PSL can do for your personal and corporate security!