A ransomware attack, possibly SamSam, may be responsible for outages in the City of Atlanta’s computer systems.
The city’s information security training experts issued a statement confirming that computers are “currently experiencing outages on various internal and customer facing applications, including some applications that customers use to pay bills or access court-related information.”
Members of the Atlanta Information Management team are working diligently with support from Microsoft to resolve the issue and expect to restore applications soon, the statement said, adding that it would provide updates on its website, Atlantaga.gov, which “remains accessible.”
While the city’s transit system, MARTA (Metropolitan Atlanta Rapid Transit Authority), had some issues Thursday, according to a local news report, the area’s busy Hartsfield-Jackson Atlanta International Airport has not been hit, nor have the 911 and dispatch systems.
“MARTA is currently experiencing a technical outage impacting MARTA Bid, Breeze Card, Reduced Fare and the MARTA On-the-Go sites,” MARTA tweeted. “This issue is currently being troubleshot by MARTA IT. We do apologize for any inconvenience caused.”
The information security training researchers’ report said a screenshot submitted by a city employee and analyzed by an expert shows a ransom demand for “$6,800 per unit, or $51,000 to unlock the entire system.”
An information security training expert cited by local news said the attack seemed to be a result of SamSam ransomware.
In February, the Colorado Department of Transportation (CDOT) was hit by SamSam ransomware, forcing the organization to shut down 2,000 computers across its system while it investigated and attempted to mitigate the attack.
The FBI said it’s “coordinating with the city of Atlanta” to get to the bottom of the cyberattack, the report said.
“Ransomware can be devastating to anyone but when it hits city, government, or hospital servers it can affect hundreds or thousands of people,” said Lamar Bailey, director of information security research and development at Tripwire, who noted the best defense is implementing foundational controls and practicing base security hygiene. “Running a server is like standing in a room full of people with the flu. If you don’t want to get sick, do basic hygiene like wearing a mask, not eating or drinking after others, and wash your hands. Taking Tamiflu after the fact will help you get better, but it is still going to suck for several days.”
But once an attack occurs “there are only a few options: pay the ransom, which may or may not work, restore from a backup, or rebuild the system,” the information security training professional said. “The restore option is generally the quickest and easiest way to get things running again, but if the restore image is not clean, it could happen all over again.”