Cybersecurity Blog

Cybersecurity researchers from across Georgia Tech and the Georgia Tech Research Institute share their thoughts about emerging threats, trends, and technologies in the constant fight to secure data and information systems. Read what's capturing their attention and new insights they offer about cybersecurity topics in the news.

Blog entires are aggregated monthly into the Source Port newsletter, with additional research and updates from Georgia Tech. Source Port is published on the first business day of the month.


Just Pay the Bd 'IT Tax'

March 28, 2018  |  By Chris M. Roberts

In late March, the City of Atlanta was the latest victim of a large ransomware attack. Most cyberattacks in the news have a primary goal of exfiltrating data in order to sell it on the dark web. Even if IT security departments don’t detect the malware, they will likely notice a large flow of information leaving their networks and will grow suspicious. Ransomware on the other hand, once gaining access, will generally encrypt critical data and leave it on the victim’s network. This can be done very quickly and covertly. The attackers then offer to sell the decryption key for some sum of money.

The Atlanta attack has made it impossible for residents to pay traffic tickets, water bills, and report potholes on the roads. To be extra cautious, city workers were not allowed to turn on their computers for days and Hartsfield-Jackson Airport even shutdown their Wi-Fi. The City has been reduced to using pen and paper again, which obviously slowed productivity and cost money. To add insult to injury, word of an extensive cybersecurity audit of the city’s IT infrastructure listed thousands of severe and critical vulnerabilities, which indicates that the city knew they were at risk for months.


IISP Analyst Chris M. Roberts: "The attackers in this case requested $51,000 to be paid in the form of a crypto-currency.  The City’s 2018 operating budget is set at $2.1 billion and, as of late last year, had cash reserves of more than $170 million. This begs the question, should they have just paid the $51,000, which is less than 0.000025% of the budget and only 0.0003% of their cash reserve? This is about the equivalent of someone holding a family’s data hostage for the price of a lunch.  So far, the City has decided not to pay the ransom and would rather have their employees use pen and paper. 

 The cost of not paying the ransom (or should I call it, “Bad IT Tax”?) likely already has exceeded the cost of ransom. Of course, the fear is that the attacker doesn’t give you the encryption key or they ask for more money.  However, Indiana-based hospital Hancock Health was hit with a very similar attack, quickly paid the $55,000 ransom, and got back to work. In either case, nothing is stopping another ransomware attack until the vulnerabilities are patched. So what’s stopping Atlanta from paying up?  Seems like at this point it’s one of two things: fear or pride.  Atlanta, you’ve just been forced to heavily invest in your IT security. Maybe you should be thanking your attackers. A different style of cyberattack could have cost you much more money. Maybe now you will be able to prevent those kinds of attacks. For the time being, it looks like potholes will remain."


Our Past 10...

New Cyber Report a Handy Reference of Govt Directives
Mar. 28, 2018

Lt. Gen.Paul Nakasone to Head NSA/CYBERCOM
Mar. 28, 2018

Nine Iranian Hackers Charged with Stealing Massive Dataset through Spear-phising Attacks
Mar. 26, 2018

Vulnerabilities in AMD Chips Highlight Trend Toward Hardware-based Attacks
Mar. 15, 2018

Compliance Does Not Equal Security
Feb. 27, 2018

New Cryptomining Attacks Force Re-Evaluation of Trust in Websites
Feb. 26, 2018

Better Biometric-Based Authentication
Feb. 20, 2018

Fines for Faulty Defense in the U.K.
Jan. 30, 2018

Patch for Meltdown and Spectre? On Standby
Jan. 25, 2018

Net Neutrality Repeal? This Isn't the Cybersecurity You're Looking For
Jan. 25, 2018

About the Analysts


Holly Dragoo is a research associate with the Advanced Concepts Laboratory (ACL) at the Georgia Tech Research Institute. Her previous work with the U.S. Department of Defense and Federal Bureau of Investigation give her a unique understanding of intelligence community requirements. Dragoo’s research interests include cybersecurity policy issues, threat attribution, metadata analysis, and adversarial network reconstruction. More By Holly



Panagiotis Kintis is a Ph.D. student at Georgia Tech's School of Computer Science and a researcher in the Astrolvaos Lab. His research examines new techniques for data analysis and cyber attribution with special focus on clues that can be obtained from the network layer of the Internet, such as bot activity and domain name abuse (combosquatting).




Brenden Kuerbis, Ph.D., is a postdoctoral researcher at Georgia Tech’s School of Public Policy and a former Fellow in Internet Security Governance at the Citizen Lab, Munk School of Global Affairs, University of Toronto. His research focuses on the governance of Internet identifiers (e.g., domain names, IP addresses) and the intersection of nation-state cybersecurity concerns with forms of Internet governance. More by Brenden




Joel Odom leads a team of researchers focused on software security as branch head for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. He and his team research static and dynamic software analysis, software testing techniques, software reverse engineering, and software vulnerability discovery and mitigation. More by Joel




Chris M. Roberts is a senior research engineer with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute specializing in embedded firmware reverse engineering and hardware analysis.  Mr. Roberts’ technical expertise has expanded to cover radio frequency system design, electronic and cyber warfare, hardware and firmware reverse engineering, vulnerability assessments of embedded systems and assessment of vulnerability to wireless cyberattacks. More by Chris