Atlanta Ransomware Attack Leaves Court Systems Offline As City Enters Recovery Phase


“We are dealing with a hostage situation,” Atlanta’s Mayor Keisha Lance Bottoms told reporters this week as her government, the target of a malicious cyberattack, ground to a halt.


Residents were kept from paying their bills, and those trying to go online to switch on water services at new homes have been left with dry taps. Municipal courts, too, have been closed, meaning parking tickets and other citations are going unpaid.

But all in all, it could’ve been much worse.

City employees, at least, are still getting paid, and no one was hurt. Past attacks, such as those in London last year, have left hospitals frantically transferring patients and redirecting the injured away from affected emergency rooms.

On Tuesday, Atlanta began turning its computers and printers back on, though the Hartsfield-Jackson Atlanta International Airport kept its free wi-fi service offline out of an “abundance of caution.” An outbreak at the airport could be a disaster, particularly if the infection compromised unsuspecting travelers en route to other cities, where more potentially vulnerable systems await.

In Baltimore, Maryland, less than 700 miles to the northeast, a ransomware attack temporarily crippled the city’s 911 dispatch system, officials said Wednesday.

The Atlanta attack, discovered on March 22nd, was followed by a demand: $51,000 in bitcoin. Authorities have not said whether the payment has been or will be made. Surrendering, some experts believe with obvious justification, will only encourage future attacks against local governments.


At a news conference Thursday, Atlanta officials said some of the city’s data had been encrypted. The origin of the attack remains unknown and the extent of the compromise is still being evaluated. While at press time the city believes that no personally identifiable information has been stolen, as a precaution, it is operating and investigating the matter as if it were.

SecureWorks, a private company, was brought in to investigate and is working alongside the FBI, Secret Service, and Homeland Security. On Monday, SecureWorks CEO Mike Cote told reporters that its investigation had been completed and that the recovery phase was underway.


Every aspect of the city’s response will be scrutinized in preparation for the next attack, which is assured to happen in the days, weeks, or at most, months ahead. “Just as much as we really focus on our physical infrastructure, we need to focus on the security of our digital infrastructure,” Bottoms told reporters this week.

“I am looking forward to us really being a national model of how cities can shore themselves up and be stronger because of it,” she said.


The FBI’s Atlanta field office could not be immediately reached for comment.

Senior Reporter, Privacy & Security


Lenny Valentin

Microsoft supposedly built ransomware protection into Windows 10 this past fall, supposedly - but the scheme is almost entirely worthless due to how stupidly it is designed and how oversensitive it is while supposedly “protecting” me.

When something tries to write to a protected folder, the scheme denies the write outright; no ifs, no buts. No alert asking the user if they want to permit it; nope siree. I’ve had software installers fail completely because Windows denied the installer to place a shortcut on the desktop...! Seriously? A shortcut on the desktop gets blocked, that’s crazy!

“Certain apps” deemed safe by Microsoft will have permission to bypass the protection, but there’s no information in Windows itself detailing which apps that is. Nor do digitally signed apps from big corporations like Apple for example avoid tripping up on this “protection” scheme; iCloud for Windows for example can’t sync pictures because any attempts to write new images to the photos folder will be summarily blocked.

And never does Windows properly log which programs attempt to make accesses to protected folders so I can reasonably easily place them on the whitelist. Nooo, that would be asking too much! Instead I must manually browse my system drive and find each and every executable which might possibly want to write to a protected folder. What a dumbshit system, seriously.

It even blocks certain of Windows’ own subsystems from doing their thing, which is just friggin’ bananas. Stupid Microsoft! You fucking can’t do anything right. This damn thing caused so many problems for me I was forced to turn it off. Swell!