March 28, 2018 | By Chris M. Roberts
In late March, the City of Atlanta became the latest victim of a large ransomware attack. Most cyberattacks in the news have a primary goal of exfiltrating data in order to sell it on the dark web. Even if IT security departments don’t detect the malware, they will likely notice a large flow of information leaving their networks and will grow suspicious. Ransomware, on the other hand, once it gains access, will generally encrypt critical data and leave it on the victim’s network. This can be done very quickly and covertly. The attackers then offer to sell the decryption key for some sum of money.
The Atlanta attack has made it impossible for residents to pay traffic tickets and water bills or to report potholes on the roads. To be extra cautious, city workers were not allowed to turn on their computers for days, and Hartsfield-Jackson Airport even shut down its Wi-Fi. The City has been reduced to using pen and paper again, which obviously slowed productivity and cost money. To add insult to injury, word emerged of an extensive cybersecurity audit of the city’s IT infrastructure that listed thousands of severe and critical vulnerabilities, which indicates that the city knew for months that it was at risk.
IISP Analyst Chris M. Roberts: "The attackers in this case requested $51,000 to be paid in the form of a crypto-currency. The City’s 2018 operating budget is set at $2.1 billion and, as of late last year, had cash reserves of more than $170 million. This begs the question, should they have just paid the $51,000, which is less than 0.000025% of the budget and only 0.0003% of their cash reserve? This is about the equivalent of someone holding a family’s data hostage for the price of a lunch. So far, the City has decided not to pay the ransom and would rather have their employees use pen and paper.
The cost of not paying the ransom (or should I call it, “Bad IT Tax”?) likely already has exceeded the cost of ransom. Of course, the fear is that the attacker doesn’t give you the encryption key or they ask for more money. However, Indiana-based hospital Hancock Health was hit with a very similar attack, quickly paid the $55,000 ransom, and got back to work. In either case, nothing is stopping another ransomware attack until the vulnerabilities are patched. So what’s stopping Atlanta from paying up? Seems like at this point it’s one of two things: fear or pride. Atlanta, you’ve just been forced to heavily invest in your IT security. Maybe you should be thanking your attackers. A different style of cyberattack could have cost you much more money. Maybe now you will be able to prevent those kinds of attacks. For the time being, it looks like potholes will remain."
For further reading
- WGCL-TV CBS 46 Atlanta: http://www.cbs46.com/story/37821878/internal-audit-shows-city-knew-of-it-vulnerabilities
- WRAL TechWire: https://www.wraltechwire.com/2018/03/28/cyber-attack-cripples-atlanta-and-security-experts-shudder/