Atlanta’s recovery from ransomware attack
Cybersecurity expert Morgan Wright discusses the ransomware cyberattack in Atlanta and how cities can protect themselves.
U.S. cities, states and companies increasingly find themselves at risk for cyberattacks and breaches involving so-called ransomware, which place them at the mercy of hackers demanding money.
Recent examples have taken place in computer networks serving the cities of Atlanta, Baltimore, Denver, and the operations of Boeing.
Atlanta’s computer systems were hit with a ransomware attack March 22, locking important city data behind an encrypted wall that can be unlocked only if the city pays the hackers $51,000 in the form of Bitcoin cryptocurrency.
The ransom note left by hackers said that refusing to pay the figure by a deadline this week would lead to wiping up the information.
It was unclear late Wednesday if the city had paid off the hackers, with Atlanta Mayor Keisha Lance Bottoms not ruling out such action.
The hackers were believed to be a known group that uses the so-called “SamSam” ransomware against targets that have weak security and would be willing to pay to regain control. The group has collected nearly $850,000 since 2017, according to CSO. The city of Leeds, Ala., paid the hackers $12,000 last month to release the captured data.
The city of Atlanta continued to operate after the attack, but some services have been suspended and others have been slow as they had to be done manually. City officials said an investigation into the attack was completed and they were working round the clock to restore the systems.
It took more than six days to recover only some parts of the information. The city’s employees were told Tuesday to turn on their computers for the first time since the hack, though some will continue to experience issues related to the attack.
911 shutdown in Baltimore
"We were able to successfully isolate the threat and ensure that no harm was done to other servers or systems across the city's network."
But Atlanta isn’t alone in being barraged with cyberattacks. Baltimore officials admitted Wednesday that a ransomware attack targeted the city's 911 dispatch system over the weekend, leading to a 17-hour shutdown of the emergency dispatching system.
Frank Johnson, chief information officer in the Mayor’s Office of Information Technology, confirmed that the outage was caused by “ransomware perpetrators.” The hackers managed to breach the city’s network after an “internal change to the firewall” made by a technician who was working on another issue related to the automated dispatch system.
"We were able to successfully isolate the threat and ensure that no harm was done to other servers or systems across the city's network," Johnson said, describing the incident as a "limited breach."
Baltimore officials said they weren't aware of any ransom demands made by the hackers responsible for the attack.
Alarm at Boeing
The world's largest aerospace company, Boeing, was the target of a cyberattack Wednesday via the notorious WannaCry ransomware -- the same tool that crippled the health care services in Britain last year, the Seattle Times reported.
News of the Boeing attack was met with widespread alarm, with officials fearing the hackers may have brought down the company's production equipment. But Boeing urged for calm, saying the cyberattack breached only a few machines.
“We’ve done a final assessment,” Linda Mills, head of communications for Boeing Commercial Airplanes, told the publication. “The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”
Denver also hit
A suspicious outage also happened in Denver, where key websites such as denvergov.org and pocketgov.org and online services stopped working Wednesday afternoon. Numerous government computers and phone systems, including the text-to-911 system, were down, the Denverite reported.
Some city staff reportedly lost access to email and other digital systems. Officials said they believe the shutdown was caused by a software bug.
But the alleged software issue in Denver comes just weeks after the Colorado Department of Transportation (CDOT) was targeted twice – in the space of seven days last month – with “SamSam” ransomware, paralyzing the department of 2,000 people and demanding Bitcoins in exchange for giving back the information, Denver7 reported.
David McCurdy, chief technology officer, said the department had “no intention of paying ransomware.” The damage to CDOT’s computer systems was reportedly mitigated.
The Associated Press contributed to this report.
Get a daily look at what’s developing in science and technology throughout the world.