Atlanta spent at least $2.6 million on ransomware recovery



The city of Atlanta, Georgia. (Image: file photo)

Atlanta spent more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city’s online services.

The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildly fluctuated in price.

But it’s understood that the ransom was never paid — because the portal used to pay the ransom (even if the city wanted to) was pulled offline by the ransomware attacker.

According to newly published emergency procurement figures, the city spent around 50 times that amount in response to the cyberattack.

Between March 22 and April 2, the city spent $2,667,328 in incident response, recovery, and crisis management. (Hat tip to Ryan Naraine for tweeting out the link.)

Among the costs, Atlanta spent $650,000 on hiring local security firm Secureworks for emergency incident response services, and an additional $600,000 on advisory services from Ernst & Young for cyber incident response.

The city also spent $50,000 to hire Edelman, a public relations firm specializing in crisis response management — in other words, trying to make things look less bad than they actually are.

It’s not known if additional, unreported costs were involved in the ransomware clean-up.

When reached, a spokesperson for the city did not immediately respond to several questions we had. If that changes, we’ll update.

Last month we reported that Atlanta narrowly missed falling victim to another cyberattack in 2016, when the now-infamous WannaCry ransomware attack spread across the globe.

Speaking to ZDNet at the time, Jake Williams, founder of cybersecurity firm Rendition Infosec, said that the city’s networks were left unpatched for weeks — making them vulnerable to ransomware attacks.

He found that at least five internet-facing city servers were infected with the NSA-developed DoublePulsar backdoor in late April to early May 2017. That was more than a month after Microsoft released critical patches for the exploits and urged users to install them.

Based on his data, he said that the city “had a substandard security posture” at the time.


Contact me securely

Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755–8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.
