‘Please unplug your Ethernet cable’ — Ransomware hits Atlanta city government
Atlanta Mayor Keisha Lance Bottoms advised residents on Thursday to contact their credit agencies and watch their bank accounts, because the city government’s network has been hit by ransomware.
At a press conference, Bottoms stood beside senior city officials and announced that the source of the city’s application outages had been uncovered at 5:40 a.m. Officials said they do not know whether data has been compromised, and they noted that “several” departments have been affected, including those serving applications residents use to pay bills and access court information.
“We have been working diligently all day long to come to some sort of resolution,” Bottoms said, adding that the city is working with the FBI, Department of Homeland Security, Microsoft and Cisco.
The mayor said critical functions like public safety, water, and the airports have not been affected. A timeline for resolution was not shared.
According to a screenshot received by an NBC affiliate, the attackers are demanding $6,800 per unit or $51,000 to unlock the city’s entire system. The ransomware is thought to be a SamSam strain, which exploits Java-based web servers.
Atlanta Chief Operating Officer Richard Cox, who was appointed by the city as a loaned executive from Cox Automotive last week, said, “I’ve never had a more interesting week to begin a job in my entire career” but was otherwise able to share little additional information about the nature of the attack.
Cox added that while cooperating with federal authorities, “we were advised that there have been several agencies even here in Georgia that have been impacted,” but did not elaborate further. StateScoop is waiting on the city to provide clarification.
When asked about a workaround for accessing the city’s data, acting Chief Information Officer Daphne Rackley said the state’s security measures include a “cloud-first” strategy that reflects how seriously it takes the threats of ransomware and other types of malware.
She verified that this is the first time the City of Atlanta has been attacked by ransomware.
“I’m not familiar with anything of this magnitude occurring [before in Atlanta],” she said.
The announcement comes hours after reports that some city services were not accessible. According to local news outlet Channel 2 Action News, an internal memo from the Atlanta Police Department informed employees that its payroll system could be affected.
“The city network has been compromised,” the statement reads. “If you have not already, please unplug your Ethernet cable from your desktop in an effort to prevent possible corruption, but the damage may already have been done.”
Editor’s Note: This story was updated on March 23, 2018 with additional information.