'Cattle-not-pet' system management could have prevented Atlanta's ransomware attack
Atlanta's March ransomware attack is leading many to believe it is the worst cyberattack on a U.S. city to date, reports Reuters. Police and court services are still dealing with the impact, and about 30% of applications are in "mission critical" states, according to Daphne Rackley, the city's head of information management, speaking to the Atlanta City Council.
For example, only six of 77 computers holding a decade's worth of legal documentation were preserved after the attack, according to interim City Attorney Nina Hickson. The police department's dash cam footage was also unrecoverable.
Rackley is projecting nearly $10 million more in recovery costs. Prior to the hacking, Atlanta Mayor Keisha Lance Bottoms proposed a budget of $35 million for the city's technology, according to Reuters.
The city had thought no critical systems were impacted by the cyberattack, but as the investigation continues, more damage has been revealed. The costs are mounting, and the city already paid $2.7 million in recovery from March 22 to April 2.
Atlanta's attackers used a password discovery tool to "move laterally through a network" in public-facing systems with insufficient credentials, according to Adam Firestone, chief engineering officer at Secure Channels Inc., in an emailed statement to CIO Dive. Atlanta needed a refreshed vulnerability assessment to flag shortcomings like weak passwords.
Experts have attributed Atlanta's attack to the hacker group known as SamSam. The group has a reputation for demanding a ransom that is presumably within a victim's means, but Georgia's capital maintains it did not pay the approximately $50,000 worth of bitcoin the ransom demanded.
Ransomware attacks like Atlanta's are most damaging to entities that treat their systems, such as servers or workstations, like pets, not cattle, said Firestone. This means they have yet to embrace virtualization and instead spend time and resources to tend to a sick system.
With the "cattle" approach, IT can just eliminate what is threatening the rest of the infrastructure or "herd." Virtualizing systems gives the metaphorical sick cow a second chance at life with a backup.
"Deterrence by denial is as effective in cyberspace as it is in physical space," according to Firestone, and "malicious actors can be effectively deterred by simple economics." If organizations in the public or private sector are able to decrease an attacker's return on investment, they can also lower their chances of becoming a hacker's target.
The loss of some data is "inevitable" in most cyberattacks, according to Firestone. But a virtualized server would equate to a downtime of mere minutes, which undermines the urgency rooted in ransomware-related outages and the notion of paying a ransom.
Correction: This article has been updated to clarify the "cattle-not-pet" analogy.
Follow Samantha Ann Schwartz on Twitter