As of Tuesday, Atlanta is still contending with a ransomware attack that crippled computer systems and targeted the city’s infrastructure last week.
The attackers, who are said to have acted from outside the United States, locked the city’s computer systems and demanded $51,000 in bitcoin to unlock them on March 22. The ransomware, which is typically delivered through phishing emails, is thought to be a strain of SamSam that exploits Java-based web servers.
“This is an attack on our government, and an attack on us all,” said Atlanta Mayor Keisha Lance Bottoms said at a news conference Monday. “We are not the first city to experience this and we will not be the last.”
When asked whether the city was considering paying the ransom, Bottoms said her office was conferring with federal authorities. The mayor also said that the city is committed to remaining open during the attack and will continue to serve citizens.
Many city employees have been without access to internet and email since Thursday, NPR reports, and the Wi-Fi at Hartsfield-Jackson Atlanta International Airport has been shut off.
The court system, the department of watershed management, and the city’s payroll system were all affected by the attack. Atlanta residents have also been unable to pay their bills electronically. Other institutions, like the department of corrections, have been carrying out all of their administrative operations on paper.
The city has enlisted the help of SecureWorks, a cybersecurity firm and Dell subsidiary, to help deal with the attack. They are joined by local law enforcement, the CIA, FBI, the Secret Service, the Department of Homeland Security, and independent forensic experts.
“We have completed the investigation and containment phases of the operation, and are transition to the recovery phase to restore the city’s critical systems,” said SecureWorks CEO Michael Cote in a press conference.
Anne Torres, the director of communication for the City of Atlanta, declined to comment further on the ransom and origin of the attack. When asked for an estimate on the restoration of all city services, Torres said “our cross-functional incident response team is looking into this matter and working around the clock. It would be inappropriate to speculate on when this matter will be fixed, but we are committed to resolution.”
Since the original announcement of the ransomware, the mayor’s office has said that there is no explicit evidence that the personal data of citizens has been compromised, but officials encouraged both city residents and employees to remain vigilant.
SecureWorks did not respond to requests for comment.