Atlanta Still Recovering Nearly Three Weeks After Cyberattack

Nearly three weeks after a ransomware attack hit Atlanta, recovery is still going on; many areas in the Atlanta municipal corporation are still recovering from the attack.

One of the biggest cyber attacks to hit Atlanta, the March 22 ransomware strike caused multiple multiple online Web pages and services to stop working. It was reported that the attack had led to many internal and customer-facing applications getting compromised.

The major emergency response systems, however, remained unaffected by the ransomware strike which had shuttered many systems at city hall. Reports point out that officials are yet to publicly discuss anything regarding the origin of the attack. In addition to the FBI, the U.S. Secret Service and the DHS (Department of Homeland Security), units from Microsoft, Cisco and security solutions provider Secureworks too are joining hands with Atlanta’s incident response team.

Govtech.com, in a detailed report about the recovery activities, quotes a statement made via email by Nikki Forman, press secretary in Mayor Keisha Lance Bottoms’ office; the email statement clarifies that services at the Hartsfield-Jackson Atlanta International Airport, the nation’s busiest airport, was never disrupted following the ransomware attack. The report also quotes Nikki Forman as stating- “The airport’s Wi-Fi, which “was voluntarily disabled out of an abundance of precaution”; this Wi-Fi was restored on April 2. Forman is also quoted as stating that the cyber attack hasn’t impacted Atlanta Police Department’s ability to respond to 911 calls and emergencies, though for a while the police started depending on handwritten incident reports. Now the police department has reportedly started filing incident reports electronically once again.

Reports point out that roughly five days after the cyber attack hit Atlanta, computers and printers at the city hall were re-activated and all employees had been instructed eventually to turn on their systems.

Anyhow, there’s no clarity about the extent of the impact caused, the origin of the attack and whether or not any ransom has been paid. Govtech.com reports- “City hall employees “have been instructed to turn on their computers,” the press secretary said, declining comment on the extent to which computers and electronic archives remain affected “as this is an ongoing investigation.” According to a news release, city hall computers and printers were first activated again on March 27, roughly five days after the attack…Forman also declined to discuss the attack’s origin or type, whether officials have paid a ransom demand believed to be around $50,000, and how the city’s short-term cybersecurity posture has changed since the attack.”

There were many services that continued to remain affected even as the month of April was starting off; these included activities at the Atlanta Municipal Court (where online or in-person ticket payments couldn’t be made and Failure to Appear walk-in Court too remained affected), the city’s online business license payment and renewal platforms, Online and telephone/water/sewer bill payments, new water meter sales (this has been resumed by cash payment) etc.

Such cyber attacks always make people think of strengthening long-term cybersecurity positions; Govtech.com quoted what Atlanta Mayor Keisha Lance Bottoms had stated during a press conference after the attack- “I think what we see is that more work remains to be done with our digital infrastructure in the city of Atlanta. Certainly this has sped things up…This is an attack on our government, which means it’s an attack on all of us. We need to make sure we’re doing all we need to do to keep secure”.