In an unprecedented attack on the IT systems of a major municipal government, hackers are demanding ransom payable in bitcoin after seizing control of computers belonging to the Atlanta city government, AFP reports.
The ransomware assault shut down multiple internal and external applications for the city, including apps that people use to pay bills and access court-related information, Mayor Keisha Lance Bottoms told a news conference Thursday.
The attack also impacted the city’s emergency-response services – forcing dispatchers answering 911 calls to take down reports with a paper and pen
“This is a very serious situation,” Bottoms said.
City officials said they learned of the attack before dawn Thursday when they detected unusual activity on their servers and discovered that some of the city’s data had been encrypted without their consent.
Shortly after, the city government received a ransom note giving instructions for paying to free up files encrypted by the hackers.
The hackers – perhaps having learned from the relatively small take received during previous ransomware attacks like last year’s infamous “WannaCry” global assault – are demanding the city pay a relatively modest ransom: Six bitcoins – or about $51,000.
Newsweek reports that a note provided to city officials included step-by-step instructions on how to pay. It linked to a website URL hosted on the dark web. But at a press conference led by Bottoms, officials told the public they are still assessing the extent of the attack.
“The City of Atlanta has experienced a ransomware cyberattack,” confirmed chief operating officer Richard Cobbs during the briefing. This attack has encrypted some of the city data, however we are still validating the extent of the compromise.”
A statement released to the public read: “The City of Atlanta is currently experiencing outages on various internal and customer facing applications, including some applications that customers use to pay bills or access court-related information.”
“At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue,” it added. “We are confident that our team of technology professionals will be able to restore applications soon.”
Bottoms demurred when asked whether the city is contemplating paying the ransom.
On the option of paying the ransom, Bottoms said: “We can’t speak to that right now, we will be looking for guidance specifically from our federal partners on how best to navigate the best course of action. Right now, we are focused on fixing the issue.”
“The explanation is simple, we don’t know the extent. I would ask that people assume you may be included if personal data has been breached. We don’t know if it’s information related to just our employees or if it’s more extensive than that. Because we don’t know, I think it would be appropriate for the public to be vigilant checking their accounts and making sure credit agencies can also be notified.”
The FBI warned in 2016 that victims of ransomware attacks should refrain from paying ransoms, explaining that it would not guarantee that their data would be released, and, furthermore, would only embolden criminals.
That attack hit more than 200,000 companies, hospitals, government agencies and other organizations in 150 countries, but most of the victims opted to let their data be erased rather than pay the ransom.
The FBI and Department of Homeland Security are investigating.
WannaCry, Petya and other major ransomware attacks were carried out using NSA cyberweapons that were stolen by a group called the Shadowbrokers, who’ve been selling a cache of NSA weapons to whoever is willing to buy them – even launching a subscription service last year. It’s unclear what type of ransomware is being used in the Atlanta attack.