Officials representing the city of Atlanta, GA, confirmed yesterday that some of their constituent-facing networks, including the billing and court systems, had been hit by an encryption ransomware attack. The attack appears to be ongoing and successfully encrypted some city data, although what data has not been fully confirmed. The hackers are demanding payment of 0.8 Bitcoin—$6,780—for each computer or 6 Bitcoin—$50,800—for all the infected machines. They have left instructions on how to be paid.
Atlanta Mayor Keisha Bottoms confirmed officials are still working to uncover the full extent of the ransomware. The city is working with Cisco and Microsoft, and the FBI and the Department of Homeland Security have been informed. As a precaution, Atlanta police have resorted to filling out pen-and-paper reports even though 911 services do not appear to be affected.
Bottoms would not say whether Atlanta will pay the ransom: “We can’t speak to that right now, we will be looking for guidance specifically from our federal partners on how best to navigate the best course of action. Right now, we are focused on fixing the issue.”
The FBI (and we here at Solutions Review) strongly recommend not paying ransomware attackers if they successfully penetrate your enterprise’s network. There is no guarantee the hackers responsible will play fairly and actually unlock your data when they receive the payment. They could easily decide to continue holding your data hostage until they are paid even more, or leave themselves a backdoor to encrypt your data again at a later time. Payment could also encourage them to target other enterprises. The FBI acknowledges that enterprise leaders may have to consider payment as an option in truly desperate situations, but it is still a risky move.
Whether Atlanta follows this advice or decides to risk payment remains to be seen at the time of writing. With the rise of nation-state cyberattacks as a tool of politics and coercion, similar attacks on other cities may be forthcoming.