Submitted by CyberHub Summit on Wed, 05/23/2018 - 17:14
What we can identify from the Atlanta Cyber-attack.

Towards the end of March, the City of Atlanta was, in the words of Mayor Keisha Lance Bottoms, 'held hostage'.

The computer network of the City of Atlanta was hit by a ransomware attack which paralyzed a substantial percentage of the city’s data. The hackers demanded $50,000 to unlock the system.

The Atlanta attack forced many city departments and organizations to go offline for several days, meaning that residents were unable to pay bills or fines and police were unable to electronically file paperwork – breathe deep, tickets were issued by hand.

A certain level of panic set in, prompting Hartsfield-Jackson Airport to shut down its free Wi-Fi network, among other website functionalities.

This cyber shadow cast over the city's network sent Atlanta into a slowed-down, scared version of itself for about 10 days, and the ripple effect continues. The Municipal Court, one of the busiest courts in the Southeastern United States, has been affected in areas ranging from traffic citations to criminal offenses.

Apart from having to reset dates, they appear to have temporarily moved back to a pre-digital era, using a manual paper-based system which, in a large metropolitan area, is simply not feasible anymore.

Although no one really knows if the ransom (which seems on the small side) was paid, a city cannot set a precedent of this kind and also cannot be this vulnerable.

The ransomware attack implies several truths.

  1. The City had vulnerable servers on the internet, either with weak passwords or bad security protocols.
  2. The attackers probably weren’t that sophisticated themselves. We deduced this from their small ransom request – this was either because they knew that their cyber break-in could be neutralized quickly or because they had no idea that $50,000 is a small amount for a City, placing them on the list of Cyber criminals that aren't too bright.
  3. Many employees were likely to be less than cyber-savvy. Time and time again we witness great security systems penetrated due to human error. Employees need both to know how to use the systems and to be accountable. Employee training in password protection and identifying high-risk emails needs to be made mandatory.
  4. They were using outdated systems. Since our foes are pragmatic, so must we be.

All computer networks need frequent re-evaluation. Security solutions need to improve at a faster speed than criminal methods, or they are simply worthless. The fact that this appeared to be quite a basic ransomware attack shows us that their systems were dated.

The major takeaway from all this is that Atlanta is a lesson in tightening cyber security on a basic level, across the board, against semi-sophisticated attacks. If cities can be paralyzed through the simple failings of employees or weak passwords, we are all in big trouble.