The SamSam group launched a major cyber attack against the government of the city of Atlanta. Nine days later, the city of Atlanta’s local government is still reeling as local government officials struggle to recover from the ransomware attack. The SamSam group demanded a ransom of $51,000 in bitcoins to unlock digitally scrambled files on Thursday, March 22. Reuters journalist Laila Kearney stated, “police and other public servants have spent the past week trying to piece together their digital work lives, recreating audit spreadsheets and conducting business on mobile phones in response to one of the most devastating ‘ransomware’ virus attacks to hit an American city. ”
The local government in Atlanta has released a ransomware cyber attack information page to update Atlanta residents about the progress of restoring systems and retrieving sensitive data. The Atlanta ransomware information hub states, “across-functional incident response team was assembled with both the public and private sector, including not only City officials, but law enforcement, the FBI, Department of Homeland Security, the Secret Service and independent forensic experts to help us assess what occurred and how best to protect our city from not just this attack, but others the city may face in the future.” It is unknown at this time if the $51,000 in bitcoins ransom was paid by the Atlanta city government to the SamSam cyber attack group.
Atlanta government officials have been forced to revert back to only telephones and paper to conduct operations. Atlanta Councilman Howard Shook reports losing 16 years of digital records, as he told Reuters , “it’s extraordinarily frustrating.” The amount of disruption this has caused to court cases is unclear. Atlanta Police Department spokesperson, Carlos Campos told Reuters , “Our data management teams are working diligently to restore normal operations and functionalities to these systems and hope to be back online in the very near future.” Cybersecurity and intelligence architect expert Allan Liska of the Recorded Future security firm offered his analysis of the Atlanta cyber attack to PBS stating, “it is actually pretty significant in terms of the scope of the damage.”
The cyber attack by the SamSam group is the latest infrastructure challenge to hamper the city of Atlanta in the past 12 months for the city of Atlanta. In March 2017, a bridge collapsed on an important stretch of highway on Interstate 85 (I-85) that seriously affected travel and economic commerce. December 2017 the Hartsfield- Jackson Atlanta International Airport, which is the busiest airport in the entire world, sustained a crippling power outage that left 30,000 passengers stranded.
Even more worrisome, the latest disruption in the form of a cyber attack comes on the heels of the Department of Homeland Security releasing a report in August 2017 stating that a 9/11 level cyber attack is imminent against the United States of America. The report poignantly stated that industrial systems vital to the energy grid in the United States were most vulnerable. In March 2018 the New York Times reported that U.S. President Donald Trump accused Russia of launching a series of cyber attack against “American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.”
Atlanta City Auditor Amanda Noble told Reuters, “one of the reasons why municipalities are vulnerable is we just have so many different systems. ” M ark Weatherford, a former senior DHS cyber official stated of the Atlanta cyber attack, “this could turn out to be really bad if they never get their data back.” Councilman Shook added, “it was a very surreal experience to be shut down like that.”
Keisha Lance Bottoms is the current mayor of Atlanta.