Tech advocates demand the city release more info about March’s ransomware attack

It’s been more than two months since a piece of malicious software devastated the city of Atlanta, with a post-mortem report into one of the worst cyber-attacks in US history still nowhere in sight.

According to a public meeting on Wednesday, more than a third of necessary programs were taken offline after SamSam ransomware infiltrated city servers on March 22.

Officials predicted that a further $9.5 million would be needed to pay off the damages caused by the incident, which obstructed sensitive information and reverted many municipal services to pen and paper.

This figure adds to the initial $2.7 cost assessment – a stark contrast to the $51,000 demanded by attackers to unlock the compromised systems.

Court proceedings, warrant issuance, and online payments were some of the crucial areas affected, and they continue to face a lethargic return to normality.

However, the city’s administration remains tight-lipped over the circumstances that allowed the assault to occur.

“Security through obscurity has been proven to be insufficient,” Luigi Ray-Montanez, an organizer for the civic technology group Code for Atlanta, told The Daily Swig.

“Code for Atlanta started a petition because we believe that an accurate public accounting of what went wrong will help other municipalities defend against attacks like these in the future.”

Code for Atlanta is one of the 80 subsidiaries of the Code for America Brigade – a community meetup that leverages its diverse skillset to forward technical education and local data-driven initiatives.

A typical hackathon, Ray-Montanez said, will see between 20 and 40 people in attendance.

“The ransomware attack didn't increase our membership, but a project did come out of it,” he said, describing the development of an open-source malware scanner for Microsoft Word documents.

“The ‘macro’ feature of Word documents is a common attack vector, and the group working on the project wants to make it easy for anyone, including government workers, to scan Word documents for potential malware.”

It’s this collaborative approach to problem-solving that has propelled Code for Atlanta to ask the city to publish a blameless post-mortem report into the ransomware attack, having begun circulating a petition to do so.

A post-mortem report, Ray-Montanez explained, would avoid pointing the finger at any one human error, using situational awareness instead of harsh individual scrutiny as a deterrence for incidents yet to come.

“There are no downsides to making a blameless post-mortem public,” said Ray-Montanez.

“Amazon Web Services consistently publishes blameless post-mortems of their system failures, and they are one of the biggest cyber-attack targets in the world.”

While the city has been working with the FBI, the Department of Homeland Security, and other cybersecurity firms in its investigations into the March attack, Code for Atlanta maintains that the release of such a report is the first step to making systems more secure, and repairing trust in a state capital desperately in need of some transparency.

That, at least, is what Atlanta police chief Erika Shields thinks. This week she addressed the news that “years” of dash cam recordings and critical evidence were completely destroyed in the cyber-attack.

In 2013 Atlanta was given an F grade for transparency in government spending, but City Council has made attempts at improvement, including the recent creation of an open records website.

Achieving good security, however, may require additional efforts. 

“Code for Atlanta wants to see our local governments work for all people in the digital age,” said Ray-Montanez.

“We invite the City of Atlanta to partner with us to establish trust in government. By conducting and publishing a blameless post-mortem, the City of Atlanta has an opportunity to lead by example.”

The Daily Swig has reached out to City of Atlanta for comment.

At the time of writing, Code for Atlanta’s petition had 118 signatures.