The city of Atlanta, Georgia was hit by a ransomware attack in March of this year, an incident whose effects rolled on for several months. While the city tried to get back on its feet, the questions of whether or not to pay, who was behind the attack and what variant was used were all discussed.
Infosecurity followed the story; here is a timeline of what happened, combined with some learning points for those who may be affected in the future.
1 – The city’s IT network was infected at 5.40 am on March 22 with bill paying and court information affected
Source: Infosecurity Magazine
2 – The ransomware was suspected to be a variant of SamSam, commonly used in targeted attacks
Source: Malwarebytes
3 – Attackers compromised a vulnerable server first, and ransomware spread to desktop computers throughout the whole network of Atlanta
Source: Virusguides
4 – The ransom demand was $6800 in bitcoin per computer or $51,000 to “unlock the entire system”
Source: 11Alive
5 – All municipal employees were told to shut down computers while resident services were suspended
Source: AL.com
6 – The cost of the attack rose fast to $2.7m, including recuperation, legal and PR costs
Source: Infosecurity Magazine
7 – The city infrastructure was crippled for six days, with the Mayor not ruling out paying the ransom
Source: AL.com
8 – Three months later, a third of the city’s 424 software programs were still offline or partially inoperable
Source: Techcrunch
9 – At that Department of Atlanta Information Management meeting, a city official requested an additional $9.5m to try to correct the affected systems
Source: Infosecurity Magazine
10 – Atlanta managed to roll out a new employee notification system (NotifyATL) after the attack
Source: Infosecurity Magazine