Atlanta city government systems down due to ransomware attack

If you live in the city of Atlanta, you are waking up to the knowledge that the city was a victim of a sophisticated cyber attack.

Mayor Keisha Lance Bottoms said the city is asking its employees, retired workers receiving pension payments and anyone who does business with Atlanta, including water/sewer customers, contractors and vendors, to check their accounts to make sure they were not hacked as part of this breach. According to DHS officials, the attack hit the city at around 5 a.m.Thursday morning and officials informed the public hours later. The Hartsfield-Jackson Atlanta International Airport disabled its free public WiFi and limited functionality of its website - including wait times and flight information - in response to the attack. Some personal and financial data on city computers has been encrypted.

The city is working with the Department of Homeland Security, the FBI and other federal partners to determine how to fix the system and if the ransom should be paid.

Asked whether the city intends to pay the ransom, Mayor Bottoms said that hasn't been determined.

Apparently, the hacker is demanding the city pay $51,000 to unlock all the infected systems or $6,800 per unit, according to local news channel 11Alive.

Atlanta is working with Federal Bureau of Investigation, the Department of Homeland Security and experts from Microsoft and Cisco. An article by Microsoft details that "it provides the city with Azure and Azure Government cloud platforms, Power BI data analytics and other MS technologies". Professor Green said that directive and the note itself is indicative of a serious ransomware attack.

"We don't know the extent or if anyone's personal data or bank accounts will be compromised", Bottoms told reporters. The city has not announced if it plans to pay the ransom. "This is a reflection of us trying to take it seriously".

The city discovered the attack after the security team "noticed something that looked peculiar", on a server, says Daphne Rackley, deputy CISO.

"We don't know if it's limited to information related to just our employees or if it's more extensive than that".

  • Joey Payne