FBI called in as some city services are interrupted, employees told to turn off PCs.
The city of Atlanta government has apparently become the victim of a ransomware attack. The city’s official Twitter account announced that the city government “is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information.”
According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screenshot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city’s information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city’s payroll application.
In a statement sent to Ars, a city spokesperson said, “At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue. We are confident that our team of technology professionals will be able to restore applications soon.” The city’s primary website remains online, and the city government will continue to post updates there, the spokesperson added.
An FBI spokesperson told press that the bureau was “coordinating with the city of Atlanta to determine what happened.”
One security expert to whom WXIA showed the screenshot said that it resembled the message from a variant of Samsam, a family of ransomware that struck a number of hospitals two years ago. Those malware attacks exploited a Java deserialization vulnerability in Java-based application servers. But it’s not clear that the Atlanta outbreak started in the same way.
Update, 5:00pm: In a live-streamed press conference, the Atlanta City COO said that city payroll will not be affected. Microsoft, Cisco, FBI and DHS officials are involved in the investigation. The stream was published via Twitter.