Atlanta CIO says city has moved more systems to cloud since ransomware attack

Nine months after a crippling cyberattack, Gary Brantley, who was hired in September, says the city is also lending its experience to other governments.
Atlanta CIO Gary Brantley
Atlanta CIO Gary Brantley (City of Atlanta / Vimeo)

The recently installed chief information officer of Atlanta says the city has responded to a March ransomware incident that crippled thousands of government computers and dozens of municipal services by moving more of its infrastructure to cloud services.

In a video published Tuesday by the office of Mayor Keisha Lance Bottoms, CIO Gary Brantley gives a brief update about how Atlanta’s city government is thinking about cybersecurity and its overall information technology framework since the cyberattack.

We’ve also made a lot of transitions to a lot of cloud services,” Brantley says in the two-minute clip. “Even before this happened we had a hybrid strategy, but we wanted to move that percentage a little bit higher, so we’re in the process of doing that as well.”

He also says the city is using its experience to offer advice to other governments hit by ransomware.


“What we focused on more recently is getting back to operational basics,” he says. “We are now trying to establish a blueprint for other cities and agencies around the country. How do you recover in a way that doesn’t affect operations?”

Atlanta’s infection with the ransomware virus known as SamSam, which was detected March 22, knocked out many operations across the city government for weeks, including municipal court scheduling, online bill and tax payments and the public Wi-Fi network at Hartsfield–Jackson Atlanta International Airport. It also caused city officials to lose years of archived emails and rendered police unable to access video footage from dashboard-mounted cameras. While city services have been restored since March, the ransomware experience has been costly for Atlanta, which may eventually spend $17 million to repair all the damage and upgrade its security systems.

You have to have a security strategy around everything you introduced into your environment,” Brantley says. “You hear people talk about disaster recovery. You hear people talk about business continuity. During those phases you lay out what your critical applications are.”

Atlanta was one of more than 200 entities across the United States and Canada hit by the SamSam ransomware within three years, according to federal cybercrime charges filed last month against two Iranian citizens accused of carrying out the attacks. The virus was designed to be surreptitiously installed on targeted computers, which were then encrypted, with users being told they could only unlock their files if they paid a specified amount in bitcoin. In Atlanta, where 3,789 city-owned computers were infected, the alleged hackers demanded a sum equivalent to about $51,000, which the city did not pay, according to court records.

Bottoms, who was inaugurated in January, hired Brantley in September, nearly six months after the ransomware incident. Previously, he was the CIO for the public schools in DeKalb County, which includes part of Atlanta and many of the city’s suburbs. (An interim CIO, Daphney Rackley, had been in charge of Atlanta’s IT operations since January.) While Brantley’s role as CIO focuses on managing the computer systems the city’s 8,000 employees use to deliver services to its nearly 475,000 residents, his hiring also made him an immediate face of Atlanta’s ongoing response to the March cyberattack.


Watch Brantley’s full video below:

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts