The city of Atlanta is currently being targeted in a ransomware attack impacting several of its departments and crippling government websites that process payments and relay court information.
The attack first hit on Thursday morning, according to the City of Atlanta. In an email to Threatpost, an Atlanta government spokesperson said that there are no updates to share as of Friday morning.
The city, which is the ninth-largest metro area in the U.S., said on its Twitter account Thursday that it is facing outages on various internal and external customer-related applications, “including some that customers may use to pay bills or access court-related information.”
The City of Atlanta is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information. We will post any updates as we receive them. pic.twitter.com/kc51rojhBl
— City of Atlanta, GA (@Cityofatlanta) March 22, 2018
Atlanta Chief Operating Officer, Richard Cox said in a press conference Thursday evening that Atlanta is working with the Federal Bureau of Investigation and the Department of Homeland Security, as well as Microsoft and Cisco’s security emergency response teams, to address the attack.
Atlanta said that at this time several departments were affected by the attack. However, the Atlanta Public Safety department, airport, and water services operation “are operating without incident.” In addition, payroll for city employees won’t be impacted by the attack.
According to reports by CBS46, the attack included a ransom note that demanded 6 bitcoins for all computers (or $51,000 based on today’s valuation) in exchange for keys to decrypt systems.
In the press conference, Cox confirmed that the city received a written demand related to the attack, but did not confirm the contents of the demand. There was also no specification around how the attack was first launched.
Atlanta is still investigating whether personal, financial or employee data has been compromised. “As a precaution, we are asking that all employees take the appropriate measures to ensure their data is not compromised. The city advises to monitor or protect personal information,” said Cox.
According to a report by Atlanta local news site AJC, an note from the Atlanta information management team told City Hall employees not to use their computers unless previously cleared.
In the press conference, Atlanta’s mayor, Keisha Bottoms, wouldn’t specify whether Atlanta would pay the ransom.
Mayor @KeishaBottoms holds a press conference regarding the security breach. https://t.co/h1WlcyUc6x
— City of Atlanta, GA (@Cityofatlanta) March 22, 2018
Atlanta is only the most recent victim of ransomware attacks. In May 2017, a massive scale ransomware attack, WannaCry, paralyzed systems across various markets – including England’s health care system and one of Honda’s Japanese plants.
Rob Tate, security researcher at WhiteHat Security, told Threatpost that he predicts more ransomware attacks on government utilities in the coming year, especially as each year ransomware attacks have been launched on more publicly visible victims – like hospitals and local governments.
“One thing that strikes me about this incident is that it’s not too different than attacks we’ve seen before,” he said. “In some cases, and seemingly in a case like this, the attacker did their homework, and would pick a number that they know the victim can afford to pay.”