Atlanta City Government Systems Down Due To Ransomware Attack

An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added.

Microsoft will charge more... with less result

[JcMorin]

I'm pretty Microsoft will charge more AND some data will be lost on many many computers. I don't think they have full disk backup on every computer, plus all the time wasted before everything is back online.

Someone messed up big time

Misconfigured group policy and AD privileges leading to one infectee having the ability to encrypt everyone on the network. What are the odds they even have backups for these systems?

Re: Someone messed up big time

[Archangel+Michael]

The pain point for ransomware is low enough that enough people pay it rather than restore from backup and/or try to recover via other means (including re-imaging).

And if you haven't had a full restore test of all critical systems, then you're already playing with fire. Nobody Ain't Got Time For That (tm) is the normal response.

I have a saying ... "Good IT is expensive. Bad IT is costly"*. If they lose more than a day's productivity on their compromised systems, they need to just pay the ransom, and learn the expensive lesson.

*This may or may not be the fault of IT. I've been in IT long enough to see IT make recommendations that are denied because "they are expensive" and I've seen bad IT. I always use risk / reward when outlining IT infrastructure costs. Sometimes the calculus is "if bad shit happens, we'll eat it".

Re:$51K to restore all of the city's computers?

[WolfgangVL]

WTF.

They might not even decrypt anyway.

Just restore from your excellent backups. Everybody loses a day of productivity, and the courts should have paper records anyway.

Yet another victim.. of Windows

[SuperKendall]

We all know this means they are running Windows.

How many more critical systems have to fall victim to this malware/ransomware bullshit before Windows systems are banned for use in anything critical? Even just the greater likelyhood of that happening to Windows systems should render them unacceptable to use.

In a lot of ways, this complete system shutdown is much worse for everyone than a database being stolen which is the worst case for UNIX backends.