Atlanta City Government Systems Down Due To Ransomware Attack

An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added.

Re:$51K to restore all of the city's computers?

[WolfgangVL]

WTF.

They might not even decrypt anyway.

Just restore from your excellent backups. Everybody loses a day of productivity, and the courts should have paper records anyway.

Re: Someone messed up big time

[Archangel+Michael]

The pain point for ransomware is low enough that enough people pay it rather than restore from backup and/or try to recover via other means (including re-imaging).

And if you haven't had a full restore test of all critical systems, then you're already playing with fire. Nobody Ain't Got Time For That (tm) is the normal response.

I have a saying ... "Good IT is expensive. Bad IT is costly"*. If they lose more than a day's productivity on their compromised systems, they need to just pay the ransom, and learn the expensive lesson.

*This may or may not be the fault of IT. I've been in IT long enough to see IT make recommendations that are denied because "they are expensive" and I've seen bad IT. I always use risk / reward when outlining IT infrastructure costs. Sometimes the calculus is "if bad shit happens, we'll eat it".