Time Is Running Out For Atlanta In Ransomware Attack

March 30, 2018


Time is running out for the city of Atlanta, which was given until Wednesday to pay off the cyberattackers who laid siege to city government data and are threatening to wipe the computers clean.

However, as Georgia Public Broadcasting’s Emily Cureton reported for NPR, even though officials approved the six-bitcoin ransom payment — presently worth about $51,000 — to lift the wall of encryption paralyzing a number of city services, it’s not clear whether there is anywhere to send the money.

The payment portal set up by the attackers for the infected systems, which contained a countdown clock, was disabled days before the deadline after a local TV news station tweeted out an unredacted ransom note it got from a city worker. The note had a link to a bitcoin wallet leading directly to a group known for using SamSam ransomware.






It did not take long for people to start bombarding the hackers with questions about the attack through the exposed portal, risk management company CSO reported. At first, the hackers demanded more money before they would reply to those questions, and later they removed the communication form altogether, saying they were taking it down because of too much spam.

Although it’s possible other portals exist, city officials have not confirmed that is the case. Nor have they confirmed the identity of the hackers.

Regardless, the SamSam group is known for selecting targets with weak security and strong incentives to regain control of their information, which makes them very likely to pay. Since December 2017, it has collected approximately $850,000 in ransoms from victims in education, healthcare, and government, according to CSO. Last month, the city of Leeds, Ala., paid ransomware hackers $12,000 to release data in a similar attack.


Researchers working for Talos, a firm that is investigating SamSam, say this is the first time the group “has openly deactivated or deleted a portal before the seven-day clock expired. Although it’s possible they’ve taken such actions before, details of those occurrences haven’t been shared openly.”

An audit of Atlanta’s information technology department shows the city was warned months earlier that this might happen, Cureton told NPR.

“The audit found a substantial level of avoidable danger to the city. The accountant writes there were long-standing problems, which city workers got used to and also didn’t have the time or means to resolve. The audit determines Atlanta had no official procedures to manage danger to its information systems.”

And a Georgia-based cybersecurity company, Rendition Infosec, tweeted on Tuesday that it had found data showing a handful of city computers came under attack last year.


“We dug into our data and, perhaps naturally, at least 5 of their machines were undermined in April 2017,” the company’s owner, Jake Williams, wrote.

Thus far, the cyberattack has not affected police and fire emergency-response systems, airport security or water supply security.

In the seven days since the city’s data was taken hostage, some city workers have come back online and are able to use email. Others are still using pen and paper. The municipal court system has been turning people away all week.