The Atlanta Ransomware Attack

There’s nothing worse than serving up a great idea to a hacker on how to make money, and that’s exactly what’s happening in Atlanta.

In March 2018, the city of Atlanta struggled to rebound after a multi-day cyberattack which caused the city’s website outage. The outage prevented customers from paying bills and fees online, which froze revenues to the city. According to a Reuters article titled Atlanta still grappling with widespread computer hack the city was instructed to pay $51,000 in bitcoin to unlock their systems – which gave the municipality pause for so many reasons. The city is trying to identify which cyber group is responsible for this attack as they have only confirmed publicly that their systems were accessed remotely.

Wired reports that this particular malware is called a “Sam Sam” attack which, ‘infiltrates by exploiting vulnerabilities or guessing weak passwords in a target’s public-facing systems, and then uses mechanisms like the popular Mimikatz password discovery tool to start to gain control of a network. This way, the attack doesn’t need to rely on trickery and social engineering to infect victims. And SamSam has been adapted to exploit a variety of vulnerabilities in remote desktop protocols, Java-based web servers, File Transfer Protocol servers, and other public network components.

Attackers deploying SamSam are also known to choose their targets carefully—often institutions like local governments, hospitals and health records firms, universities, and industrial control services that may prefer to pay the ransom than deal with the infections themselves and risk extended downtime.

Another really frightening trend is hackers are using ransomware attacks to cover their tracks. They steal personal data or worse, then deploy the ransomware, thus making the theft much harder to detect, prosecute or remedy.
The discouraging bit of this event is that it highlights the vulnerability common to most government municipalities. Due to employees who are not well-trained on security threats, paired with tightening budgets, nearly all cities lack the funding to support proper defenses for cutting edge cyber security defense. This characteristic seems to have caught the attention of hacker groups around the world and sadly, could prompt more ransomware attacks across the nation. In fact, According to a recent report by Symantec, the number of ransomware attacks tripled in 2017.

It’s part of a growing trend that we’ve seen in the world of data management. As Bryce Austin, the author of Secure Enough states, “The problem is that cybercriminals have figured out an important new angle to their business model: companies that don’t have information that is valuable on the black market still have information that’s valuable to the company itself.”
It pains us to hear about the ongoing disruption in service that the City of Atlanta is going through, as GDV maintains DRaaS for several municipal and other government entities. We’ve performed numerous recoveries which have led to fast resolution after ransomware or other cyber attack.

Critical systems for first responders and financial portals for customers are pressure points that hackers would love to have access to, and we have mission priority to ensure any disruption in service is minimal for each of these entities. In the video below Brian Childers, president of Comport Consulting tells how, when a municipality lost its first responder exchange server, putting the lives of all those who depended on its police and fire departments at risk, a Friday night call to Global Data Vault had them back online in a couple of hours.

More Ransomware and Cybersecurity Articles

Insider Threat Defined

Insider Threat Defined

Businesses face all types of pressure in today’s marketplace. One of the most devastating is a data loss event that can destroy a company within seconds. Malware threats are increasing at a dizzying pace, and all types of insider threats are taking the stage as the...

OFAC Penalties for Ransomware Payments

OFAC Penalties for Ransomware Payments

As if getting hit with ransomware wasn't costly enough, a statement from The United States Department of the Treasury's Office of Foreign Assets Control (OFAC) titled: Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments indicates potential fines...

Types of Insider Threat

Types of Insider Threat

How many types of insider threats are there? One? Three? Six? All of the above is likely correct, although most people would indicate one commonality in their answers: humans. Most would also separate this human threat into three categories: compromised, negligent,...

Mobile Security

Mobile Security

[Disclaimer – Global Data Vault has no affiliation with MDM vendors, does not endorse, and is not endorsed by MDM/EMM/UEM vendors] We all know that mobile devices are increasing in popularity. In 2018, a Gartner study indicated over 20 billion mobile devices were...

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *