Updates from city officials have been few and far between
It’s almost back to business as usual in Atlanta, after a cyber-assault last month caused weeks of city-wide disruption, costing the state capitol more than $2.7 million in damage.
Many services are now expected to be operating normally, following the ransomware attack on city servers that brought court proceedings, online payments, and other municipal business to a standstill.
Day-to-day dealings were carried out with pen and paper, while city officials worked alongside the FBI and the Department of Homeland Security to deal with the “hostage situation,” as described in a statement by Atlanta Mayor Keisha Lance Bottoms.
Attackers had demanded $51,000 in bitcoin to unlock the entire system, encrypting some of the data located within city networks.
Information belonging to city council members and the police department have been reported as unrecoverable, despite previous claims made by officials that no personal or employee data appeared affected by the incident.
The City of Atlanta has not been particularly forthcoming in providing updates in the aftermath of the cyber-attack, which was first noticed on March 22.
It is not known, for instance, whether the ransom was paid, or how the matter was resolved.
In a rare statement issued to CBS, officials said: “Access to some city networks and databases has been impacted, resulting in a return to manual processes for certain tasks.
“We are working closely with our information technology partners to determine what backups may exist and what data we are able to recover."
According to cybersecurity firm Rendition Infosec, this was Atlanta’s second cyber-attack within a year, joining the likes of Colorado, which itself experienced two ransomware intrusions in a matter of weeks.
Attacks like these, however, have appeared to have some effect on other states. Arizona recently deployed a new platform for analysing vulnerabilities and cyber-risk within its 133 city departments.
For its part, the steps Atlanta plans to take in order to prevent such episodes in the future is perhaps the most notable omission by city officials.
The $2.7 million Atlanta is reported to have spent so far on the attack includes a $650,000 contract signed with SecureWorks – a cybersecurity firm hired for incident response.
Don Hunt, a cybersecurity researcher at Georgia State University, told Channel 2: “They were probably not as protected as we probably thought they were.
“They’ve got some really big players on the team there, and they’re spending a lot of money, so the depth of the problems that they had are probably enormous.”
SamSam ransomware was likely used on the Atlanta city servers, experts have said.
This is due to the language used in the attack message and the likelihood of dated software, which the strain is known for exploiting.
Officials have yet to confirm.