When Amanda Noble, Atlanta City Auditor, logged onto her work computer on March 22nd, she immediately knew something was wrong. The icons on her desktop had changed, and some had been replaced with black rectangles. She also noticed that many of the files on her desktop had been renamed with “imsorry” and “weapologize” extensions.
Amanda immediately called the city's chief information security officer to report this unusual problem and left a message. Her next call was to the help desk, which left her on hold for a while. Amanda soon realized that she wasn’t the only one in the office with this computer problem.
These computer problems were all part of a very sophisticated “ransomware” cyber-attack on the City of Atlanta. The cyber-attack lasted for two weeks and has yet to be resolved completely. During those two weeks the metropolis struggled to recover the encrypted data from employees' computers and to restore services on the municipal Web site.
The cyber-criminals at first gave the city only a week to pay a ransom of $51,000 in the cryptocurrency bitcoin to get the key for decrypting its data. That deadline came and went last week, yet several services remain offline. Since the websites are still down, this suggests that the city did not pay the ransom. When city officials were contacted by Scientific American, they refused to comment.
The Department of Watershed Management is still unable to accept online payments for water or sewage bills, or to take any calls, and the Department of Finance cannot issue business licenses through its web page. The Atlanta Municipal Court cannot process ticket payments either online or in person because of the outage, and it has had to reschedule its hearings.
According to Anne Torres, Atlanta’s director of communications, the city voluntarily took down two of its online services as a security measure: the Hartsfield-Jackson Atlanta International Airport’s Wi-Fi network and the ability to process service requests through the city's 311 Web portal. Both were restored on Tuesday morning, with the Wi-Fi back on.
The ransomware that attacked Atlanta is called SamSam and, like all other malicious viruses, it enters computer networks through software that has not been updated. As soon as the hackers find a vulnerability in a network, they use the malware to encrypt files and then demand money to unlock them.
Jake Williams, the founder of computer security firm Rendition Infosec, says, “The SamSam ransomware used to attack Atlanta is interesting because it gets into a network and spreads to multiple computers before locking them up.” He added that the victim then has a greater incentive to pay a large ransom to regain control of its network and locked computers.
SamSam has been the most successful ransomware up to now and has managed to pull in $850,000 in ransom money.