Atlanta Has Been Hacked

Twentieth Century Fox

I had no idea this was happening until I read about it last night:

Atlanta’s municipal government has been brought to its knees since Thursday morning by a ransomware attack — one of the most sustained and consequential cyberattacks ever mounted against a major American city….Threat researchers at Dell SecureWorks, the Atlanta-based security firm helping the city respond to the ransomware attack, identified the assailants as the SamSam hacking crew, one of the more prevalent and meticulous of the dozens of active ransomware attack groups.

….In Atlanta, where officials said the ransom demand amounted to about $51,000, the group left parts of the city’s network tied in knots. Some major systems were not affected, including those for 911 calls and control of wastewater treatment. But other arms of city government have been scrambled for days. The Atlanta Municipal Court has been unable to validate warrants. Police officers have been writing reports by hand. The city has stopped taking employment applications.

[Keisha Lance] Bottoms, the mayor, has not said whether the city would pay the ransom. The SamSam group has been one of the more successful ransomware rings, experts said. It is believed to have extorted more than $1 million from some 30 target organizations in 2018 alone.

This ransomware group is tightly managed. A ransom of $50,000 is enough to be worthwhile but low enough that it’s a rounding error to lots of large organizations. And apparently SamSam refrains from bollixing up infrastructure that might get people killed—which probably helps them keep a low profile.

But this strategy only works if breaking into systems is so easy that $50,000 represents a substantial profit vs. the time spent doing it. Out of tens of thousands of organizations big enough to be worth going after, I suppose it’s no surprise that several dozen are easy pickings. But it’s still kind of shocking. It makes the second Die Hard movie seem a little less ridiculous, doesn’t it?