The Atlanta government said on Thursday, March 22, that hackers attacked the city’s network system and encrypted data. Hackers reportedly used the SamSam ransomware and demanded around $51,000 in Bitcoin to unlock the city’s seized computers.
Atlanta is currently working with the Department of Homeland Security, the FBI, Microsoft, and Cisco cybersecurity officials to determine the scope of the damage and regain control of the data held hostage.
SamSam is part of a family of malware that has been active against many government and healthcare systems since late 2015. It then encrypts that key with RSA 2048-bit encryption to make the files utterly unrecoverable. In January, Talos noted that its makers had already netted over $325,000 in ransom sent to one bitcoin wallet. This particular attack isn’t spreading on the level of 2017’s NotPetya/WannaCry, but its apparent ability to target critical systems where the owners are likely to pay makes it even more troublesome. It spreads first through vulnerable servers and then onto Windows desktops.
The Atlanta government said it will be open for business in the morning, and that infrastructure like public safety, water and the airport are unaffected.