Atlanta Cyber Attack Updates

Mar 28, 2018

 March 29, 4pm: 

The City of Atlanta is recovering slowly from a cyberattack that began March 22.  Some online customer services returned today, and Atlanta police officers are filing reports electronically again. The City says there's no indication the personal information of customers or employees was compromised. 

The ransomware did not affect the city’s emergency 911 system. But a spokesman for the police department says it still isn’t using certain investigative databases, although they aren’t thought to be corrupted.

The return of Atlanta’s 311 system means residents can order services like trash pick-up, or report potholes online again. But the water department still can’t accept payments in any form, and the municipal court has been pushing off its caseload for a week.

Atlanta became a cautionary tale on government cybersecurity after ransomware exploited weaknesses in its network. 

GPB News received this statement from a city spokesperson Thursday afternoon:

  • “Following the advice of our federal partners and security experts, we will not be commenting further on the cyberattack.  We continue to take a critical look at our systems and processes in order to ensure that we have the ability to continue serving our residents.  City services including Public Safety (Atlanta Police Department, Atlanta Fire Rescue Department, Department of Corrections, 911), Water Services Operations, Public Works and the Airport continue to operate without interruption.  However, it’s important to understand that our overall operations have been significantly impacted and it will take some time to work through and rebuild our systems and infrastructure. We appreciate your patience and support through this challenge and we are grateful that the City of Atlanta and its people are resilient and will use this event as an opportunity to invest in and build a stronger, safer digital City.”

An Atlanta Police Department spokesperson sent this statement:

  • “...There are some aspects of our operations that continue to be impacted by the ransomware attack. In those cases, we are doing some tasks manually and continue to use “work arounds” so that we can continue to serve the public. We appreciate the public’s patience as we continue to do our best to service their needs and restore as much of our operations as possible back to normal.”

One example of a “work around” provided by the department spokesperson is that APD did not produce a crime report this week. Now the Crime Analysis unit is working to capture the incident reports that were hand-written over the past few days and rebuild that report.

 March 29, 9am: 

The City of Atlanta has become a poster child for vulnerable government infrastructure eight days since its computer network was hobbled by ransomware. And the inconveniences are adding up.

The municipal court is still paralyzed without electronic access to its records. The Atlanta airport's wifi network was still disabled Thursday morning as a precautionary measure. The culprit is SamSam ransomware. Unlike malware that takes over when someone inside an organization downloads an attachment, this style of ransomware can exploit network weaknesses remotely. In the last four months the SamSam crew has collected $850,000 from victims in health care, education and government.

The ransom was due yesterday [March 28], and as of today the City of Atlanta has not commented on details. It’s working with a private forensics team, the FBI, the Department of Homeland Security and the Secret Service to regain control of its data.

March 28, 4pm: 

The City of Atlanta has launched an online Information-Hub on its website to share the latest updates surrounding operations and the ransomware cyberattack. 

March 28, 1:50pm:

Today [March 28] is the deadline for the city of Atlanta to pay off the cyber attackers who laid siege to government data last week. But paying might no longer be an option for the city, even if it wanted to.

The city hasn’t ruled out forking over the $51,000 ransom. But the ransom payment portal was disabled by the hackers after a local TV news station shared an unredacted ransom note captured on a city employee’s computer desktop. CS Online reported on the gaffe.

The group identified in the ransom note is SamSam. It’s known for choosing targets with weak security and high incentives to regain control of their information. Last month the city of Leeds, Alabama paid ransomware attackers $12,000 to release data.

--

March 28, 8:00am

An audit of the City’s IT department shows the city was warned this could happen months ago.

The audit uncovered by CBS46 found a significant level of preventable risk to the city. The auditor writes there were long-standing issues, which city employees got used to and also didn’t have the time or resources to fix. The audit concludes Atlanta had no formal processes to manage risk to its information systems.

Seven days since a ransomware attack locked the city out of its own data, some city employees are back online and able to use email. Others are still using pen and paper. The municipal court system has been turning people away for the full week. And no word yet on how the city is going to resolve a standoff with the hackers. They’re demanding a $51,000 ransom.

--

March 27, 11am

Tuesday the City of Atlanta advised its employees to turn on computers and printers for the first time since the March 22 cyberattack.

The city issued a statement: “It is expected that some computers will operate as usual and employees will return to normal use. It is also expected that some computers may be affected or affected in some way and employees will continue using manual or alternative processes. This is part of the City’s ongoing assessment as part of the restoration and recovery process.”

--

March 26, 5pm

The City of Atlanta is in the midst of what its leaders call a cyber crisis, with no end in sight. Data in the city’s system were encrypted by ransomware last week, leaving city services running on pen and paper and the municipal court in gridlock.

According to Atlanta Mayor Keisha Lance Bottoms, an incident response team has been working around the clock with cybersecurity experts from private firms, the FBI and the Department of Homeland Security.

"This is much bigger than a ransomware attack. This really is an attack on our government. Which means it's an attack on all of us," she said.

Mayor Bottoms says they know who’s behind the attack, but won’t publicly disclose that while the investigation is ongoing. She declined to give a timeline for when the city might regain control of its data, calling this a hostage situation.

The attackers are demanding a $51,000 ransom. And the mayor says the city hasn’t ruled out paying it. Still no word on how the ransomware found a weakness in the city’s IT infrastructure.

--

March 26, 10am

The City of Atlanta’s computer network is still under siege by a ransomware cyberattack that began five days ago. The shutdown crippled some customer services and is backlogging the city’s justice system.

People who showed up for municipal court this morning were turned away and told their court dates would be automatically rescheduled.  Jackson McKay drove six hours from Ocala, Florida to get documents he needs for an auto dealer license.

“I gave them some information and they are going to fax me some stuff, but I’m going to sit it out in a hotel and hopefully they'll be back up tomorrow,” he said.

Hackers encrypted city data last week and demanded a 50,000 dollar ransom. No word yet on if the city will pay, or how long the court will be closed. Workers at city hall are not able to process payments or log on to their computers. City officials say there’s no evidence customer or employee data is compromised, after warning anyone who’s ever done business with the city to check their credit and bank statements anyway.

--

March 25, 3pm

A cyberattack is backlogging Atlanta's municipal justice system. And the Atlanta airport’s wifi network is still offline as a precautionary measure.

Atlanta municipal courts worked through the weekend to manually process people arrested and taken into police custody. Without computers, the court can’t validate any of the warrants it issues, or accept payments.  

Scheduled cases are pushed back until further notice.

There are headaches at the jail too, where inmates are being processed with pen and paper. Hackers took over key parts of Atlanta’s computer network early Thursday morning. City officials confirmed a 51,000 dollar ransom demanded by the attackers, but have not said if they will pay it, or who’s behind the attack. According to Atlanta Mayor Keisha Lance Bottoms, the city carries an insurance policy against cyberattacks.

--

March 23, 5pm

Hackers are holding the city of Atlanta’s computer network hostage.

City employees were told not to log on to their computers when they got to work, and applications to pay bills and access court records have been offline since Thursday.

Atlanta Mayor Keisha Lance Bottoms was tight-lipped about the extent of damage.

“We’ve not done the autopsy, if you will. Because right now we have an immediate threat in front of us that we are addressing,” she said.

The Mayor encouraged anyone who’s ever done business with the city to check their credit report for suspicious activity. She declined to comment on who attacked the city or what they're demanding as ransom. Atlanta’s airport disabled its wifi network Friday as a precautionary measure.

--

March 22, 11am

The FBI is investigating a cyberattack on the city of Atlanta's computer network.
 

The city's network was knocked out early in the morning. The ransomware attack continues to cripple some internal systems, and the applications people use to pay bills or access court information. Mayor Keisha Lance Bottoms stressed that they don't yet know the extent of the damage, but that public safety, water services and the Atlanta airport are operating normally. The mayor urged city employees and customers to check bank and credit card statements in case personal information was stolen. This comes about a month after a malware attack on the City of Savannah’s computer network.