Blog Date: 5/8/2018
Author: Ray Coulombe

Earlier this year, in March, the City of Atlanta’s nearly 8,000 employees heard words they never thought they would hear: “It’s okay to turn your computers on.” Their computers were powered off for five days. In those five days Atlanta residents could not pay traffic tickets, water bills, or report city issues. The police officers were hand-writing reports and there was no free WIFI at the airport.

What happened? A ransomware attack—one of the largest ever against an American city. In a ransomware attack, malicious software cripples a victim’s computer or network and blocks access to important data until the ransom is paid to unlock it. Essentially, a hostage situation. Ransomware criminals lock their victims’ files with encryption, temporarily changes the file names to “I’m sorry” and “we apologize,” and demand payment before threatening to or actually permanently deleting all the files.

In Atlanta, the bad guys are known as “SamSam”. The SamSam group chooses targets that are the most likely to accede to its high ransom demands—typically the equivalent of about $50,000 in Bitcoin—and for finding and locking up the victims’ most valuable data. They have extorted more than $1 million from some 30 target organizations in 2018 alone. Luckily, the Atlanta ransom demand was only about $51,000, but left the city scrambling for days. What is also interesting is that the attack, unlock most others, was not the result of a phishing scheme, but rather based on software designed to ferret out and exploit weak passwords.

Ransomware isn’t new: The concept originally started in Eastern Europe in 2009, when cybercriminals started using malicious code to lock up unsuspecting users’ machines and then demanding 100 euros or similar sums to unlock them again. Since then, the hack been used in many targeted places around the world.

But, this specific attack is perplexing to many: Why Atlanta? Why only $51,000? Who’s next? We may never know all the answers, (they haven’t found the hackers—the federal investigation is still ongoing) but we do know how to make ransomware attacks less likely to succeed.

Update your passwords! Since the attack, the city’s I.T. department has provided new email passwords and strengthened all email filters.

Train your employees: Experts said government officials should have been more aggressive about preventive measures, like training employees to spot and sidestep “phishing” attempts meant to trick them into opening the digital door for ransomware.

Government officials are painfully beginning to realize that keeping the public safe also means allocating more budget to cybersecurity. Is your business doing the same?

Back to Blog List