Atlanta’s network almost recovered from cyber attack, cost still unknown

The City of Atlanta’s computer network has nearly recovered from a ransomware cyber attack suffered nearly two months ago, said Chief Operating Officer Richard Cox in an Friday interview with The Atlanta Journal-Constitution and Channel 2 Action News.

Cox said the municipal court is the only department whose computers haven’t been brought back online.

“We are in testing right now,” Cox said, adding that he expects them to be operational in about 10 days.

Cox said the total cost of the attack has yet to be calculated. But emergency contracts posted on the city’s procurement website have a combined not-to-exceed amount of about $5 million.

“If you dig into those numbers a lot of those expenses are inevitably things we were going to have to invest in regardless,” Cox said.

On March 22, city employees were ordered to turn off their computers to stop a virus from spreading through the network and encrypting data. A cyber criminal group demanded that the city pay it about $51,000 in bitcoins — a crypto currency that allows for anonymous transactions online.

The city refused to pay the ransom on the advice of federal agents.

“We were advised, at some point during the attack, this particular threat actor had hit places after the ransom was paid,” Cox said.

Following the attack, the city hired Secureworks, a Dell subsidiary, who has emerged as an early authority on the cyber-criminal group, “Gold Lowell.” That group is being blamed for a rash of cyber attacks involving a variant of SamSam, the type of ransomware that struck Atlanta.

In early 2018, about a month before the Atlanta cyber attack, Secureworks published a report titled “SamSam Ransomware Campaigns,” which noted that the recent attacks involving SamSam have been opportunistic, lucrative and impacted a wide range of organizations.

Cox said on Friday it was too soon to say if any data or other records had been permanently lost.

“We are still in the process of going through files to understand the status,” he said. “That process will continue to take quite a while.”

The city provided a copy of its cyber attack insurance policy to the AJC this week in response to a public records request, but redacted the coverage limits, citing security concerns.

Cyber attack insurance policies are an uncharted area of the market, and security experts have warned that the risks associated with them are difficult to calculate. The policies contain a number of exclusions and require meeting basic security standards.

Asked if he expected an insurance payout, Cox said: “We are having ongoing conversations with our cyber insurance vendor … Our expectation is that we will be able to partner with them in a very fair manner.”

Reader Comments ...

Next Up in Local

DeKalb unveils ‘Penny Power’ SPLOST public education campaign
DeKalb unveils ‘Penny Power’ SPLOST public education campaign

DeKalb County CEO Michael Thurmond unveiled a new public education campaign created to provide transparency, accountability and awareness of the county’s progress on Special Purpose Local Option Sales Tax projects, a. “DeKalb County is focused on being wise stewards of SPLOST pennies,” said CEO Thurmond. “The county will be...
DeKalb County invests $8 million in public safety equipment
DeKalb County invests $8 million in public safety equipment

DeKalb County CEO Michael Thurmond announced that the county has invested $8 million to purchase public safety vehicles and emergency equipment, according to a press release. The funding was generated from the one-cent Special Purpose Local Sales Tax approved by voters in November 2017. The DeKalb County Police Department purchased 50 police patrol...
Children’s hospital introduces newest facility dog
Children’s hospital introduces newest facility dog

There’s a new pup in the Children’s Healthcare of Atlanta Canine For Kids program, according to press release. Lotus, an 18-month-old chocolate lab/golden retriever mix had her first day on the job on Monday, Sept. 17. Lotus will be working with her handler, chaplain Michael Fogas, at Scottish Rite hospital as the first dog in the program...
JUST IN: Valet parking attendant carjacked outside Buckhead hotel
JUST IN: Valet parking attendant carjacked outside Buckhead hotel

A valet parking attendant was carjacked by a masked gunman outside a Buckhead hotel early Thursday, Channel 2 Action News reported. Atlanta police told the news station the gunman watched the DoubleTree Hotel on Peachtree Road near Lenox Square, waiting until the valet moved a hotel guest’s car before making his approach. “As the valet...
CobbLinc bus survey open for comments
CobbLinc bus survey open for comments

Comments are requested from the public by Cobb County Department of Transportation officials on their five-year plan, titled CobbLinc Forward, for the county’s bus network. CobbLinc Forward will provide Sunday service, better service to more customers, major improvements to system reliability and to on-time performance and better match service...
More Stories