2018 Atlanta cyberattack

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
2018 Atlanta Ransomware attack
Date 22 March 2018[1]
Location Atlanta, Georgia, United States
Type Cyberattack
Theme Ransomware encrypting files with $51,000 demand (via bitcoin)
  • SamSam ransomware
Outcome Multiple municipal services down, including databases and wifi.
Years' worth of data destroyed.
City spends $2.7 million in recovering services

The City of Atlanta, Georgia was the subject of a massive cyberattack which began in March 2018.[2] The attack was recognized by the City of Atlanta on Thursday, March 22, 2018.[1][3] The city has publicly acknowledged it was a ransomware attack.

Many city services and programs were affected by the attack, including online services for citizens to pay bills and request utility service.[4] The effects of the incident were so widespread that officials resorted to completing paper forms by hand.[5]

The attack was notable for the extent of services affected and the duration of service outages, as well as the importance of Atlanta as a major American economic and transportation hub.[6]

Approach and Attack[edit]

Leading up to the attack, the Atlanta government was criticized for a lack of spending on upgrading its IT infrastructure, leaving multiple vulnerabilities open to attack. In fact, a January 2018 audit found 1,500 to 2,000 vulnerabilities in the city's systems, and suggested that the number of vulnerabilities had grown so large that workers grew complacent. The virus used to attack the city was the SamSam Ransomware, which differs from other Ransomware in that it does not rely on phishing, but rather utilizes a brute-force attack to guess weak passwords until one breaks open. It is known to target weaker IT infrastructures and servers.[7] The ransomware has prominently been behind attacks on medical and government organizations since its discovery in 2016, with previous attacks on targets ranging from small towns such as Farmington, New Mexico to the Colorado Department of Transportation and the Erie County Medical Center. It can also bypass antivirus software.[8] To date, the identity of the SamSam hackers remains unknown, but they have been described as "opportunistic".[9]

On March 22, at 5:40 AM, the Department of Atlanta Information Management first learned of outages on various internal and customer applications “including some applications customers use to pay bills or access court related information,” according to Richard Cox, the city’s interim Chief of Operations. Soon afterward, the city shut down many of its digital services in an attempt to control the situation, including its court system database and the wi-fi at Hartsfield–Jackson Atlanta International Airport. The city eventually identified it as a ransomware attack.[3][1]

Aftermath and Recovery efforts[edit]

This hack was notable as it was the largest successful breach of security for a major American city by ransomware, potentially affecting up to 6 million people.[7][10] Following the attack, the city of Atlanta cooperated with the FBI, Department of Homeland Security, and Secret Service and hired security firms such as SecureWorks to investigate, and many government computers were advised to stay powered off until 5 days later.[5]

Though the city declared that there was little to no evidence that personal data had been compromised, later studies show that the breach was worse than originally estimated. In June 2018, it was estimated that a third of the software programs used by the city remained offline or partially disabled.[11] In addition, many legal documents and police dashcam video files were permanently deleted, though the police department was able to restore access to all its investigation files.[12] For a while, residents were forced to pay their bills and forms by paper.[5]

In response to this hack, Atlanta devoted $2.7 million to contractors in order to recover, but later estimated it would need $9.5 million.[11]


  1. ^ a b c "Atlanta, GA : Ransomware Cyberattack Information". www.atlantaga.gov. 
  2. ^ Press, The Associated (23 March 2018). "Atlanta City Computer Network Remains Hobbled by Cyberattack" – via NYTimes.com. 
  3. ^ a b "Atlanta officials warn cyber attack may compromise sensitive data". 
  4. ^ Kearney, Laila. "Atlanta ransomware attack throws city services into disarray". 
  5. ^ a b c CNN, Kimberly Hutcherson,. "Six days after a ransomware cyberattack, Atlanta officials are filling out forms by hand". 
  6. ^ Blinder, Alan; Perlroth, Nicole (27 March 2018). "A Cyberattack Hobbles Atlanta, and Security Experts Shudder" – via NYTimes.com. 
  7. ^ a b Freed, Benjamin (April 24, 2018). "Atlanta was not prepared to respond to a ransomware attack". StateScoop. Retrieved July 18, 2018. 
  8. ^ Crowe, Jonathan (March 2018). "City of Atlanta Hit with SamSam Ransomware: 5 Key Things to Know". Barkley vs Malware. Barkley Protects, Inc. Retrieved July 18, 2018. 
  9. ^ "SamSam ransomware attacks have earned nearly $850,000". CSO Online. IDG. March 23, 2018. Retrieved July 18, 2018. 
  10. ^ Poon, Linda (March 30, 2018). "Why Are Cities So Vulnerable to Cyber Attack?". Citylab.com. Retrieved July 18, 2018. 
  11. ^ a b "Atlanta officials reveal worsening effects of cyber attack". Thomson Reuters. June 6, 2018. Retrieved July 18, 2018. 
  12. ^ Vaas, Lisa (June 8, 2018). "Atlanta ransomware attack destroyed years of police dashcam video". Naked Security. Sophos.