The Atlanta Ransomware Attack

The recent (and ongoing) malware attack on the City of Atlanta has gained a lot of attention. It’s notable for how much disruption and loss of service it has caused for a major city government.

For more than 8 days now, Atlanta has been fighting off the attack. Some government officials continue to do their work with pen and paper, the court system has been incapacitated, and residents can’t pay utility bills. It’s an incredible and long-lasting disruption for the ninth-biggest metropolitan area in America.

The culprit is a type of ransomware known as SamSam. Unlike most other ransomware variants, SamSam doesn’t rely on phishing emails to propagate. Instead, it attacks vulnerabilities in public-facing systems, including by guessing passwords on forms.

Some cybersecurity consulting firms believe most SamSam attacks are carried out by a single entity. One thing that suggests this is that SamSam attacks appear to target only institutions that will be highly distressed by significant downtime and will therefore be prone to pay a ransom. Further, SamSam’s requested ransom amounts are higher than those of most ransomware attacks, but at a level that seems payable for the size of the target organizations. The ransom in the case of the Atlanta attack was $50,000.

Analysts believe the extended downtime suggests the City of Atlanta was not investing properly in security measures. Unfortunately, this occurs frequently. Good anti-virus, firewall and data backup systems, among other measures, can prevent successful attacks and mitigate damage as well.