A sophisticated ransomware attack has left the city of Atlanta crippled and cyber-security experts racing to figure out how it happened. The attack has highlighted the importance of cyber-security on both an individual and institutional level as poor defenses embolden criminal hacker groups.
On the morning of Thursday, March 22nd, employees at various municipal agencies in Atlanta discovered that they couldn’t access their files. The only city government agencies unaffected were 911 emergency services, first responders, municipal water services, and functions essential to the operation of Hartsfield Jackson International Airport (although travelers couldn’t even use the Wi-Fi).
However, almost every other online city function was disabled, with police filing tickets and reports by hand and city residents paying their bills the old-fashioned way.
The city government confirmed that they’d received a ransom note for roughly $51,000. The deadline to pay – 7 days. Investigators have identified the attackers as Gold-Lowell, an organized and active group of hackers that has carried out a number of carefully planned ransomware attacks over the past few years. Their tool of choice is usually a piece of malware called SamSam.
In a ransomware attack, a piece of malware infiltrates the victim’s system and encrypts their data, making it inaccessible. The only way to access the data is with a decryption key that the victim must purchase from the hacker.
As is usually the case in their attacks, the Gold-Lowell group provided the city with a website through which it could contact them and even send up to 2 encrypted files to prove that the hackers had a working decryption key. However, that website was shut down after it was leaked and journalists began to flood the anonymous hackers with questions.
Fortunately, the city government claims to be regaining control and has asked employees to begin switching on their computers.
In the past, Gold-Lowell has targeted hospitals, law enforcement agencies, and other institutions that often did not have the luxury of waiting for an alternative solution. They and other attackers often demand their ransoms be paid in cryptocurrencies, making it extraordinarily difficult to track them.
Attacks like these have shown just how insecure many institutions are and how important it is to secure them. Otherwise, it is only a matter of time before the attacks become more frequent and more dangerous. “Luckily,” some hackers have limited their breaches to relatively harmless pranks, as when Dallas’ tornado alarms were set off at 11:42 PM one night in 2017 during clear weather.
Ransomware can target businesses, government institutions, or even individuals. David Beckham was famously targeted by ransomware hackers who demanded €1,000,000 in order to refrain from publishing embarrassing emails. Indeed, anyone with files they can’t afford to lose is a potential target. Non-targeted attacks can cast a wider net as well. Anyone infected who can’t or won’t pay loses their files, and anyone who can pay nets the hacker a hefty profit.
If you are hit by ransomware, experts warn against paying the ransom if at all possible. Because the attacker is anonymous and digital files are easy to copy, there’s little guarantee that they will unlock your files or truly relinquish access to or possession of them upon payment.
Ransomware usually spreads just like any other piece of malware, so the same defenses apply: