Atlanta Ransomware Attack | New England IT Partners

ATLANTA - Seven days ago, the city of Atlanta, Georgia was hit with a ransomware attack called SamSam, in which the hackers encrypted the entire city government's infrastructure and demanded $51,000 in Bitcoin for the decryption keys needed to unlock the systems and keep the city up and running. However, based on the direction of the federal government and independent cyber security experts from the area, Atlanta Mayor Keisha Lance Bottoms decided that paying the ransom would be more detrimental in the long run. Because the city chose not to pay the ransom demanded by the hackers, its government systems have been shut down since the incident.

As of Tuesday night, city officials have started to turn employee computers and central servers back on, one by one, in an effort to locate the infected machines and deal with them on a case-by-case basis. Although employees are finally able to get back to work and help the city get back on its feet, many of the online systems put in place to help the citizens of Atlanta are still non-functional, with no timetable for their restoration.

The SamSam ransomware attack is the largest cyber attack ever on a major U.S. city. According to the New York Times, the only other instance in which a city in the United States dealt with this type of attack was in late 2017, when a hacker gained access to the network of the city of Dallas, Texas, and set off tornado sirens in the middle of the night.

The most devastating part about an attack like this is the group of hackers responsible for it. Once they gained access to the infrastructure of the city, they were able to "silently" navigate their way throughout all connected servers and computers while they encrypted tens of thousands of files, renamed them "I'm Sorry", and demanded that the city pay for their "safe return". If the hackers do not receive payment from the city in exchange for the safe return of its files, they will render the files permanently incapacitated by destroying the decryption keys and/or deleting the files altogether. However, if the city does choose to pay, there is absolutely no guarantee that the hackers would provide the decryption codes and set the files free.

"I just want to make the point that this is much bigger than a ransomware attack," Mayor Bottoms said. "This is really an attack on our government, which means it's an attack on all of us." She reiterated that this is an act of cyber terrorism and that our government will not negotiate with terrorists of any kind. Mayor Bottoms alerted city employees that they should check their personal bank accounts to make sure that their funds are secure, because the hackers have seized all information that was kept on the city's network, including personally identifiable information (PII) of its workers.

Among the major effects since the onset of this attack: the Municipal Courts are unable to issue and validate warrants, police officers must fill out forms using pen and paper, and employment applications are not being taken at this point in time. The one bit of good news is that the hack did not affect 911 services, allowing citizens to still reach essential personnel as required.

Who Is SamSam?

SamSam is a group of hackers that has carried out countless cyber attacks on institutions such as hospitals and major businesses. According to a New York Times report on the matter, SamSam has been one of the most successful ransomware rings, if not the most successful. It is estimated that the group that calls itself SamSam has received over $1 million in ransom demands over 30 major breaches in 2018 alone! Just to put those numbers into perspective, the group has breached a major organization every 3 days this year with approximately $11,500 in return per attack. If the hacking group were to keep up these numbers, it would execute an estimated 121 high-scale security breaches and gross over $121 million for the 2018 fiscal year.

Top security officials say that companies and private citizens who are met with a ransomware attack should not pay the ransom and should seek help from independent contractors who can help identify the source and eliminate the issue. They also mentioned that paying the ransom only increases the likelihood of ransomware spreading faster and wider until it becomes an epidemic.

An anonymous executive for a major business corporation mentioned that they can easily afford to pay the $50,000 ransom to the hackers, and they would rather do so than be shut down until the problem is located and solved. The cost-benefit analysis of downtime versus the cost of the ransom payment creates an easy choice for major corporations, which say that they will pay the ransom because they would lose more if they had to shut down their network and wait for the issue to be resolved.

Ransomware: The Crime That Pays

Whoever said that crime doesn't pay clearly did not know or think about cyber hacking and the crippling effects that it will have on major infrastructures such as governments, hospitals, courts, police stations, major business corporations, schools, and much more.

According to the New York Times, ransomware started around 2009, in Europe, where hackers would social engineer or brute force their way onto a network and lock files. They would demand approximately 100 euros in return for the files' safety. Fast forward to 2018, where we find that ransomware has grown to become a chosen field of work for people. Hackers have evolved into sophisticated groups who elude authorities and create mass terror and chaos in an effort to make money. Hacking has become a full-time job for these criminals, who can send out phishing scams to 250,000 random people in an email, all while they are trying to brute force a major company's network to gain access to that as well. In fact, hacking and ransomware have grown so exponentially over the last decade that nation states such as Russia and North Korea have started using ransomware as a tool to attack vulnerable countries that they are at odds with. It is estimated that ransomware brought in over $1 billion in gross revenue in 2016. Those numbers are expected to be blown away by the totals of 2017 (when they are published), which are expected to hit a record $5 billion from ransomware attacks alone.

Fallout From Atlanta City Government Attacks

According to a 2016 International City/County Management Association (ICMA) and University of Maryland survey, Chief Information Officers found that the use of ransoms had vastly increased as the primary reason for cyber attacks on city and local government, accounting for almost 33% of all cyber attacks. Furthermore, they reported that city officials receive dozens of cyber threats, usually from phishing scams, on a daily basis. Of those who were surveyed, over 34% had mentioned that after becoming aware of the threats that they were facing on a regular basis, they still had not taken the necessary precautions to help prevent further attacks.

Mayor Bottoms should heed the caution-heavy advice from the independent contractors helping with the current breach, and implement the rules and systems necessary to make sure that an attack of this magnitude cannot get past the city's defenses again.