City of Atlanta still crippled six days after ransomware attack


March 27, 2018

March 27, 2018

Atlanta Mayor Keisha Lance bottoms ransomware attack – WGCL

Six days after a ransomware attack shut down the City of Atlanta's online systems, officials are telling employees to turn their computers and printers back on for the first time.

The move is part of an ongoing assessment of the impacts of the cyber breach, which took place on March 22.

Atlanta's public-safety services such as 911, police, and fire-rescue are unaffected, officials say, as are systems related to the functioning of Hartsfield Jackson International Airport.

But residents still can't pay their water bill or their parking tickets online. Police and other employees are having to write out their reports by hand. And Municipal Court proceedings for people who are not in police custody are canceled until computer systems are functioning properly again.

Details about the attack itself remain thin. So far, authorities have only confirmed that the city experienced a ransomware cyberattack and city officials received a written demand related to it. At a news conference Monday Mayor Keisha Lance Bottoms said that hackers had asked for $51,000, but there has been no formal confirmation of a ransom amount.

"I just want to make the point that this is much bigger than a ransomware attack," she said. "This is really an attack on our government, which means it's an attack on all of us."

Ransomware is malicious software that blocks users from accessing some or all of their computer systems by locking them out until a ransom is paid. Officials haven't said whether the city was going to pay the ransom.

"Everything is up for discussion," was the Mayor's reply when asked directly by reporters whether the city would pay up.

Bottoms also has advised city employees to contact credit agencies and monitor their bank accounts in case their personal data was compromised. 

Law enforcement response

A private company, SecureWorks, has been brought in to investigate the breach. SecureWorks and the city's incident response team are working with law enforcement, including the FBI, Homeland Security and the Secret Service, as well as independent forensics experts and educational partners like Georgia Tech, to determine exactly what happened.

"We have completed the investigation and containment phases," SecureWorks CEO Mike Cote said on Monday. "We are transitioning to the recovery phase to include the methodical restoration of critical systems."

Officials are being tight-lipped about specifics. Bottoms likened the circumstances to "a hostage situation."

"Just as we wouldn't give away too much information if there was a physical hostage, we do have to be careful," she said. "I can tell you that we are working around the clock."

A handful of city employees contacted by CNN Tuesday declined to comment, saying they were told not to discuss the attack.

Meanwhile, officials are focused on establishing manual workarounds for divisions that have been impacted.

"We have teams that are going to every single department," Atlanta Chief Operating Officer Richard Cox said Monday. "We're mapping out the manual processes so that we position ourselves to take care of the city and keep it running if this is to go into the future."

In other words, some city officials are filling out forms by hand. Asked how long such a process is sustainable, Bottoms cracked a joke.

"Well, it was a sustainable model until we got computer systems, so … for some of our younger employees, it will be a nice exercise in good penmanship."

Services available in person

Some services that are not available online can be accessed in person by coming to City of Atlanta offices.

Among them: new water service requests and hydrant-meter renewals and returns. Most planning services are still available in person, but officials say processing times may take longer than normal. And residents needing inspections or help with zoning can still access services by appearing in person or by calling the department.

Parking tickets can be paid and change-of-address forms completed at Atlanta Municipal Court.

Officials say anyone set for a walk-in Municipal Court appearance will be rescheduled automatically without penalty and that no failure-to-appear warrants will be issued during this time. They recommend checking with the Georgia Department of Driver Services if the case involves the status of a driver's license.

The city's payroll is also unaffected, Cox confirmed last week.

The Mayor said the cyberattack underscored the need to shore up critical systems.

"Just as much as we really focus on our physical infrastructure, we need to focus on the security of our digital infrastructure," Bottoms said. "I am looking foward to us really being a national model of how cities can shore themselves up and be stronger because of it."

Courtesy/Source: CNN