CITY OF ATLANTA RANSOMWARE ATTACK


OVERVIEW

On March 22 of this year, the City of Atlanta experienced one of the most devastating and costly ransomware attacks to date in the US. For one week, the city floundered while five of its thirteen local government departments were held hostage, unable to perform their functions. City employees logging in to their devices that morning found their file names replaced by two simple words: “I’m sorry.” Those two words quickly established that something wasn’t right.

Until that morning, the City of Atlanta and its employees had been completely unaware that a ransomware attack had been launched, of a scope this country had yet to experience. The group behind the SamSam ransomware, infamous for its global ransomware campaigns, had struck again, demanding a $52,000 payment in bitcoin. In its ransom note, the group threatened to leave the encrypted data permanently unrecoverable should the city not pay up. If the City of Atlanta acquiesced, a decryption key would be provided, allowing the city to restore its data and restart downed services, a promise that, as with any ransom demand, the city had no way to verify in advance.

Although it ultimately chose not to pay the bitcoin ransom, the City of Atlanta faced at least five days of downtime for the affected departments, along with a public relations nightmare and the expense of recovering lost data and bolstering its security systems. In August of this year, the Atlanta Journal-Constitution reported that the price tag to taxpayers for the city being entirely unprepared is currently estimated at $17 million. According to the AJC article, that amount does not include a contract with a law firm or the cost of the five days during which employees remained unable to use their computers. Atlanta’s decision not to pay the $52,000 ransom was just the beginning of a very costly and painful recovery. Little did the city realize that ignoring years of security warnings had placed a self-imposed ransom on its citizens, with a price tag they may be paying for years to come.

CHALLENGE

Despite years of warnings about inadequate cybersecurity protocols, officials for the City of Atlanta chose to allocate the city's funds to public services and projects rather than to bolstering its cyber-resilience, a decision with dire consequences. Going back to 2010, an independent city auditor informed city officials that its IT Department lacked funding for disaster recovery and continuity plans. A 2014 follow-up audit found the city still lacked cyber contingency planning. Then, a January 2018 report by Atlanta Information Management and the Office of Information Security found vulnerabilities in the city’s network but failed to identify the root causes. The report found that “monthly vulnerability scan results” showed the “presence of 1,500-2,000 severe vulnerabilities in the scanned population going back a year” with “no evidence of mitigation of the underlying issues.” A scan that returns the same severe findings month after month is not a security program; it is a measurement of risk being accepted by default, and it only adds value when each finding is assigned an owner, a remediation deadline and a verifying rescan.

The ransomware payload is typically the last stage of an intrusion, not the first. The attackers gain a foothold long before the encryption is triggered, and while they remain undetected they map the network, harvest credentials and identify the systems whose loss will hurt the most. This unmitigated persistence ensures the eventual attack is well placed and highly effective. Over time, ransomware attacks are becoming more sophisticated and pernicious in nature. Yet with the audit findings in hand and alarm bells ringing, Atlanta city officials chose to gloss over extensive warnings about their system vulnerabilities. The City of Atlanta is far from unique in this respect: the ramifications of ransomware attacks are rarely understood until it is much too late.

SUMMARY

Even with hindsight as a reliable guide to future results, most organizations still choose not to heed the warnings of systems security analysts. The inevitable result for ransomware victims is an extensive and time-consuming event, likely to require massive clean-up spending. In the absence of innovative and effective cyber-resilience, ransomware continues to proliferate in scope and grow in ferocity. At enSilo, our approach to cyber-resilience is integral, preventing ransomware by providing real-time, end-to-end systems security. Traditional cyber defense focuses on the perimeter, allowing malware that is already inside the network, including fileless techniques and ransomware that has not yet detonated, to go undetected. Our protection strategy prevents malware from spreading by denying suspicious interactions access to the network at their inception. This approach provides thorough and ongoing monitoring of all of your data systems.

enSilo’s comprehensive, real-time endpoint security detects malicious outbound communication, providing a line of defense that conventional security simply can’t. By the time traditional security measures detect and respond to ransomware, untold damage is already done. Our award-winning, proven track record of immediate detection and response stops ransomware before it starts, with enSilo delivering secured systems and enduring cyber-resilience for your organization.