It is perhaps one of the most daring and large-scale cybercrimes in recent memory. In March, the entire city government of Atlanta, Georgia, was virtually crippled as employees had their computers held for ransom by hackers. This hack, which kept city government computers offline for five days, had wide-ranging effects even after the initial hack was resolved. The results of this attack were felt in many of the digital services offered by the city. Online bills such as water and utilities could not be paid, nor could traffic or parking tickets.
In addition, city websites for reporting road problems were down. Perhaps most troubling, travelers to Hartsfield–Jackson Atlanta International Airport could not use the city’s free Wi-Fi. As this is the busiest airport in the world, this naturally caused problems. Thankfully, no major emergency services such as 911 were shut down, but the incident raises concerns that this could happen again and that next time it could be worse.
This hack was an example of a ransomware attack and was characterized by Mayor Keisha Lance Bottoms as a “hostage situation.” With ransomware, the target’s computers and data are encrypted so that no one, including the rightful user, can access the computers or the data on them. The victim, in this case the city’s computer system, then receives a ransom note demanding payment (usually in Bitcoin or a similar digital currency) in exchange for having the data decrypted and access to the computers returned. In the case of the Atlanta cyberattacks, the ransom was $51,000. The group is suspected of having received over $1 million in ransoms in just the first three months of this year. While many victims pay the hackers because doing so is easier than spending thousands trying to beat their encryption, this raises the ethical dilemma of whether paying off these types of attacks only encourages them.
While a similar hacking attack last year hit computers across the globe and was linked back to possible North Korean hackers, this hack was isolated to the Atlanta government computers and has been traced to a group of hackers known as SamSam. This group is known for carefully planning out their attacks, choosing targets that they find to be particularly vulnerable. The fact that a major city government was attacked shows how even government systems can be vulnerable to ransomware attacks.
According to one recent survey conducted by the University of Maryland, government networks are being attacked at the rate of at least one attempt every hour. Although most of these are foiled, some are not. But what is particularly troubling is that fewer than half of local governments had a formal policy for dealing with cybersecurity. Two-thirds of these governments had no written strategy or policy for recovering from a breach such as the one experienced in Atlanta. This latter part, many experts agree, is the key to defeating ransomware hackers.
It is not enough to have a backup of essential data. Certainly, this material should be appropriately backed up and stored, but that is just a small piece of the puzzle. Organizations must also have a process for restoring access to the computers and a process for restoring that data. Failure to plan for these contingencies leaves you particularly vulnerable to such a hack.