Atlanta’s network almost recovered from cyber attack, cost still unknown


The City of Atlanta’s computer network has nearly recovered from a ransomware cyber attack suffered nearly two months ago, said Chief Operating Officer Richard Cox in an Friday interview with The Atlanta Journal-Constitution and Channel 2 Action News.

Cox said the municipal court is the only department whose computers haven’t been brought back online.

“We are in testing right now,” Cox said, adding that he expects them to be operational in about 10 days.

Cox said the total cost of the attack has yet to be calculated. But emergency contracts posted on the city’s procurement website have a combined not-to-exceed amount of about $5 million.

“If you dig into those numbers a lot of those expenses are inevitably things we were going to have to invest in regardless,” Cox said.

On March 22, city employees were ordered to turn off their computers to stop a virus from spreading through the network and encrypting data. A cyber criminal group demanded that the city pay it about $51,000 in bitcoins — a crypto currency that allows for anonymous transactions online.

The city refused to pay the ransom on the advice of federal agents.

“We were advised, at some point during the attack, this particular threat actor had hit places after the ransom was paid,” Cox said.

Following the attack, the city hired Secureworks, a Dell subsidiary, who has emerged as an early authority on the cyber-criminal group, “Gold Lowell.” That group is being blamed for a rash of cyber attacks involving a variant of SamSam, the type of ransomware that struck Atlanta.

In early 2018, about a month before the Atlanta cyber attack, Secureworks published a report titled “SamSam Ransomware Campaigns,” which noted that the recent attacks involving SamSam have been opportunistic, lucrative and impacted a wide range of organizations.

Cox said on Friday it was too soon to say if any data or other records had been permanently lost.

“We are still in the process of going through files to understand the status,” he said. “That process will continue to take quite a while.”

The city provided a copy of its cyber attack insurance policy to the AJC this week in response to a public records request, but redacted the coverage limits, citing security concerns.

Cyber attack insurance policies are an uncharted area of the market, and security experts have warned that the risks associated with them are difficult to calculate. The policies contain a number of exclusions and require meeting basic security standards.

Asked if he expected an insurance payout, Cox said: “We are having ongoing conversations with our cyber insurance vendor … Our expectation is that we will be able to partner with them in a very fair manner.”



Reader Comments ...


Next Up in Local

Chicken house goes up in flames, ‘unknown number’ of hens dead
Chicken house goes up in flames, ‘unknown number’ of hens dead

A structure housing thousands of chickens in Hall County went up in flames Tuesday night, officials said. About 9,000 egg-laying hens lived at the house, and an “unknown number” of them are dead, Hall County fire spokesman Capt. Zachary Brackett said in a statement. About 30 percent of the 500-foot chicken house in the 4000 block of...
Celebrate Native American heritage at Gwinnett festival
Celebrate Native American heritage at Gwinnett festival

Gwinnett County is holding its Native American Festival this weekend, celebrating tribes indigenous to Georgia. The first Native Americans were believed to be in Georgia more than 12,000 years ago, according to the New Georgia Encyclopedia. The festival will include a sample of those native peoples’ traditions, including Cherokee games, grinding...
See the 2018 Black Friday hours for Lenox Square mall and Phipps Plaza
See the 2018 Black Friday hours for Lenox Square mall and Phipps Plaza

Eventually, “Black Friday” might be changed to “Black Thursday through Sunday.” Until then, just deal with the misnomer.  Hey, speaking of the pre-Christmas holiday: The 2018 Black Friday hours have been announced for Buckhead’s two major malls.  The most important distinction between the two is that Lenox...
Cops: Threat to ‘shoot up’ DeKalb elementary school came from outside U.S., was not credible
Cops: Threat to ‘shoot up’ DeKalb elementary school came from outside U.S., was not credible

Investigators debunked a social media threat to “shoot up” Dunwoody Elementary School after they learned it came from someone outside of the country. Dunwoody police became aware of the threat and immediately notified officers with the DeKalb County School District, police said Wednesday. It involved “an individual threatening...
Texas thief steals $300,000 Ferrari, leaves Suburban behind
Texas thief steals $300,000 Ferrari, leaves Suburban behind

A Texas thief stole a $300,000 Ferrari that was parked in the driveway of a suburban Dallas home, but left his damaged Chevrolet Suburban at the scene, WFAA reported. >> Read more trending news  The owner of the car -- a white, 2018 Ferrari GTC4Lusso T -- said his car was parked in the driveway on the side of the home, unlocked and...
More Stories