The hackers used the SamSam ransomware to derail various services of the city.
A new day, a new hacking problem. This was the case for the city of Atlanta, which woke up on Thursday to find its network system hacked. The mayor of Atlanta, Keisha Bottoms, said that hackers had attacked the city’s network system and had also encrypted the data.
Details have been vague about the incident, but it is believed the hackers used the SamSam ransomware. In order to give back control of the network system, the hackers demanded $51,000 in ransom. The city is currently working together with the Department of Homeland Security, the FBI, Microsoft and the Cisco cybersecurity firm so that they can get back control of their stolen data. They also want to check the scope of the damage.
The city also posted on its official Twitter account that it was working in tandem with the Microsoft team to resolve the issue. It also reiterated that it was confident its technology employees could restore normal functions soon. The Twitter account also confirmed that the city’s government website, Atlantaga.gov, was working and accessible.
On Thursday, the city apparently faced outages on the website that affected, among other things, customers paying bills. Accessing court-related documents was also difficult. Fortunately, the city’s airport, public safety, and water operations remained intact and were not affected by the attack. The payroll system of the city was also not affected.
According to Richard Cox, Atlanta’s new Chief Operating Officer, the city knew of the problems pertaining to the customer-facing applications on Thursday morning. He acknowledged that the city had fallen victim to ransomware, but could not divulge more details because of the ongoing investigation. However, he noted that the investigation would reveal whether any data had been taken or compromised. He also urged all employees to take the necessary measures to ensure their data was safe. On top of that, he added that the city would offer any additional resources when needed.
The city did not disclose the ransomware note which was discovered during the investigation. The note demanded 0.8 Bitcoins for every computer held hostage, or six Bitcoins for all the seized computers. The amount demanded comes to roughly $51,000 at current exchange rates. The hackers also demanded that, after payment, the city leave a message on a specific website, which had a hostname on it. Once all the demands were met, the hackers would then provide software able to release the seized computers.
The SamSam malware works differently from other viruses. Instead of waiting for owners to click links sent via email, it finds unpatched flaws in network servers and is then unleashed through them. After this, it can affect key network systems and cause varying types of damage to the infrastructure.