Atlanta Hit by Ransomware Attack Impacting Multiple Services

Atlanta city systems have been impacted by a ransomware attack, though the CIO claims the city's cloud first approach has helped to mitigate the impact.

Atlanta ransomware

The City of Atlanta is the latest victim of a large-scale ransomware attack, though it could have been worse without the cloud, according Atlanta's chief information officer. 

On March 22, Atlanta Mayor Keisha Bottoms, confirmed that a ransomware attack had occurred against IT systems operated by the city of Atlanta, with attackers demanding payment of approximately $51,000 ransom in Bitcoin to release the impacted systems.

"The City of Atlanta is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information," Atlanta city officials wrote in a Twitter message.

"Our information management team is working with the FBI, Homeland Security and also external partners from Microsoft and Cisco cyber-security incident response teams to help resolve this issue," Atlanta Mayor Bottoms said in a press conference on March 22.

In a ransomware attack, malware is somehow loaded onto a system, that attempts to encrypt all the data on victimized system. The victim is then presented with a demand, or ransom message, for payment in order to get the decryption key to restore data.  Ransomware attacks have taken aim at U.S cities and infrastructure in the past, including a November 2016 attack against the San Francisco transit system.

City of Atlanta Chief Operating Officer Richard Cox said during a press conference, that at approximately 5:40 AM on March 22, information management officials were made aware of an outage of a number of the city's applications. Cox noted that while several city departments have been impacted, the departments of public safety, water services and airport are operating without incident.

"The City of Atlanta has experience a ransomware cyber-attack. This attack has encrypted some of the city's data, however we're still validating the extent of the compromise," Cox said. 

Cox noted that it's not clear if personal information was compromised in the ransomware attack and as a precaution, he advised city employees to monitor and protect their personal information. He added that the city of Atlanta will offer employees additional resource to protect their personal information as needed in the coming days.


During the press conference, Atlanta officials were asked if the ransomware attack was due to missteps or unpatched systems in Atlanta's IT operations. 

"This is not a new issue to the State of Georgia or to our country and we have been taking active measures to mitigate risks," Atlanta Chief Information Officer Daphne Rackley said during the press conference. "Those measures I think have limited the impact in this instance."

In particular, Rackley noted that Atlanta has taken a 'cloud first' strategy where many of the city's systems are being migrated to the cloud, in an effort to provide more robust security controls and availability. Rackely also noted that Atlanta has data backups for the impacted systems.

"We do have backup systems already which will help with restoration as needed," Rackely said. "But we're just at first stage of the investigation and figuring out what to do next."

In any ransomware attack, one of the potential options is for the victim to pay the ransom as demanded by attackers. It's not clear if that option is acceptable to the Atlanta administration.

"We can't speak to that right now," Mayor Bottoms said in response to a press conference question about whether Atlanta will pay the ransom. "We will be looking for guidance from our federal partners on how to navigate the best course of action. Right now we're focused on fixing the issue."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.