Almost two weeks out from a citywide ransomware attack, Atlanta is still struggling to get back control of its technical infrastructure. Councilman Howard Shook's office lost about 16 years of digital records, reports Reuters. As of right now city officials believe data is just encrypted and not in the possession of the hackers behind the attack, but they cannot confirm it.
City council employees continue to recreate audit spreadsheets and even share "a single clunky personal laptop," according to the report. Files on a separate city computer appeared marred by the attack with file names tweaked to include "weapologize" and "imsorry."
- Monday night Atlanta's Hartsfield-Jackson International Airport had its Wi-Fi restored, reports Fox 5. The system was taken offline on March 22 when the rest of the city suffered the ransomware attack. Officials do not believe safety was compromised, but officials took the Wi-Fi and flight information down as a "precaution."
The cyberattack hit the city on March 22 and effectively forced Atlanta to perform a technical overhaul, according to Mayor Keisha Lance Bottoms. The city is beginning its mending process with recovering its servers to be fully operational.
The third party security firm aiding Atlanta in its recovery believes the attackers belong to the SamSam hacking group, a well-known ransomware squad. The hackers behind the group are known for their "clever, high-yield approaches," according to a Wired investigation of the group.
The group capitalizes on existing vulnerabilities or guesses a victim's passwords in their "public-facing systems" to access control of the network.
Local governments, hospitals and universities are typical targets of the SamSam group, according to Wired. This is due to the "manageable" price points for its victims and their willingness to pay. In Atlanta's case, the ransom demand was about $50,000.
The cyberattack on Atlanta has highlighted the hacking group's ability to withstand remediation efforts. Atlanta's attack brought on help from the private sector, including Cisco and Microsoft, to help recover more quickly.