Atlanta officials reported that the city's computers were hit by a severe ransomware attack.
Last Thursday, Atlanta Mayor Keisha Lance Bottoms reported that malware had paralyzed some internal systems and encrypted the city’s data.
The attack has interrupted several of the city’s online services, including “various internal and customer-facing applications” used to pay bills or access court-related information.
The extent of the infection remains unknown; however, security researchers fear further consequences for citizens.
Due to the possibility of a data breach, the mayor recommended that city employees and anyone who had conducted transactions with Atlanta monitor their bank accounts at all times.
“Yesterday morning, computer trouble started interfering with the normal computer operations on the Atlanta government network,” Forbes reports.
“Later on, mayor Keisha Lance Bottoms called a press conference to clear the air. The source of the problem: a ransomware attack that had compromised multiple systems.”
“We don’t know the extent so we just ask that you be vigilant,” the mayor said in the news conference. “All of us are subject to this attack, if you will. Many of us pay our bills online, we have direct deposit, so go online and check your bank statements.”
According to investigators, the attackers first compromised a vulnerable server, and the malware then began spreading to desktop computers throughout the whole city network.
Atlanta's new Chief Operating Officer, Richard Cox, announced that several city departments have already been affected.
According to the experts, no critical infrastructure or services have been affected, and all the departments responsible for public safety, water, and airport services are operating as normal.
In response to the ransomware attack, IT specialists sent emails to city employees in multiple departments asking them to disconnect their computers from the network if they notice any suspicious activity.
According to a security expert whose opinion is based on the language used in the message, the malware infection was caused by the SAMSAM ransomware.
In February, 2,000 computers at the Colorado Department of Transportation (DOT) shut down due to a SAMSAM ransomware attack.
The U.S. Department of Justice claims that the SAMSAM strain was used to compromise the networks of many other U.S. victims, including the 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application.
In April 2016, the FBI issued a confidential urgent “Flash” message to businesses and organizations about the SAMSAM ransomware and its victims.
Presently, the FBI and Department of Homeland Security are investigating the latest malware attack.
A screenshot of an alleged ransom message was published by the local news channel WXIA. The note demands 0.8 bitcoin (roughly $6,800) per computer or 6 bitcoin ($50,000) for keys to unlock the entire network.
The mayor said that Atlanta would seek advice from federal authorities on how to “navigate the best course of action.”