The city of Atlanta is making progress as it recovers from last week’s cyberattack in which one or more hackers installed ransomware on the city’s computer system.
“We have significant experience with this type of threat activity,” said Mike Cote, CEO of Secureworks, the Atlanta-based computer security company hired to help the city deal with the issue. “I have directed the surge of Secureworks’ subject matter experts to work closely with the city’s task force to get mission-critical systems back online as prudently and expeditiously as possible, to ensure the appropriate security processes and defenses are in place going forward. We have completed the investigation in containment phases of this incident response engagement, based on our assessment of the threat risks and impacts, we are transitioning to the recovery phase to include the methodical restoration of critical systems.”
Cote was one of several individuals who spoke at a March 26 news conference at City Hall, where officials and others updated the media on the March 22 attack. The hacker(s) have demanded $51,000 in Bitcoin payments to unlock Atlanta’s affected systems. The city has not paid the ransom yet, but Mayor Keisha Lance Bottoms said it is considering doing so as one of its options.
In addition to Secureworks, the city is working with the FBI, the U.S. Department of Homeland Security, the Secret Service, the Microsoft and Cisco incident response teams and others to solve the problem.
“This is more than just a ransomware attack. This is an attack on our government, which is an attack on all of us,” Bottoms said. “We just want to continue to be thoughtful so we as a city are doing all we need to do to make sure we’re secure going forward.”
Cote said the city has an idea of who is behind the cyberattack but would not name the suspect(s) or where they are from since the investigation is still ongoing. However, Bottoms said she’s confident the hack was done remotely and not from inside City Hall.
Also, in a March 27 news release, the city announced it is telling its employees they can turn on computers and printers again for the first time since the attack. According to the release, some computers should be operating as normal, though some may still be affected by the attack.
The city also announced its email, Oracle, Siebel, Accela and select services for employees in enQuesta are again available, but Capricorn, the customer web portal, is not yet accessible.
At the news conference, Chief Operating Officer Richard Cox said the city’s public safety, MARTA and airport systems are “operating without interruption,” but the department of watershed management, the offices of city planning, zoning and development and housing and community development and the municipal court systems are partly affected by the hack, meaning some bills must be paid by phone or in person, depending on the department.
When asked when the city would be between 90 and 100 percent operational, Bottoms said she couldn’t divulge that information but added the city’s staff is working around the clock to get its systems completely back to normal.
Cote said the city is “beginning to move into the recovery phase” regarding its response to the attack.
When asked where the hack originated and if that vulnerability had been patched up, Bottoms said, “We are looking at the entire system. We have some thoughts on what our vulnerabilities are, but right now our focus is on what we need to do to move forward and making sure we are fortified (for the future).”