Almost a week after becoming the target of one of the largest ransomware attacks, the city of Atlanta has made progress toward recovery, but it is still far from business as usual. Hackers encrypted many of the city government's most important data and computer systems.
The ransomware attack, which Mayor Keisha Lance Bottoms called a "hostage-taking," forced the city to close down city courts and city council, and even prevented residents from paying bills online. The city has been unable to issue arrest warrants, and in many cases has had city employees fill out forms and reports by hand.
The hackers demanded that officials pay a $51,000 ransom to be sent to a Bitcoin wallet.
Threat investigators from Dell-owned Secureworks, which is based in Atlanta, are working to help the city recover from the attack.
The security firm identified the attackers as the SamSam hacker group, The New York Times reported on Thursday. The organization has become known for similar ransomware attacks; it usually makes ransom demands of $50,000 or more, usually payable only in Bitcoin.
Secureworks has worked with the city's emergency team and with the FBI, Department of Homeland Security, and US intelligence. In addition, a number of independent experts, including researchers from Georgia Tech, were consulted to determine how the attack took place and to develop strategies to prevent another such attack.
As of Thursday, the city's Department of Information Management had found no proof since March 21 that customer or employee data had been compromised. Nevertheless, it encouraged everyone to take precautions, including the monitoring of personal accounts and personal protection.
The attack on Atlanta remains one of the largest ransomware attacks to date. It's actually much bigger than a cyber threat, Mayor Bottoms said earlier this week. It is an attack on the government and its citizens.
"Ransomware attacks are a reality for many companies, and unfortunately, this instance is probably not the last," said Sam Elliott, director of security product management.
"Ransomware is one of the easiest ways to monetize a successful violation of security, and as such it is still favored by many hackers," noted Eytan Segal, main product manager.
"This latest violation of the Atlanta city government is a good example of how devastating and frustrating these attacks can be when they do it," he told TechNewsWorld.
However, the city's rapid response may have limited the potential for major damage.
"From the point of view of response, the city does the best it can," said Raj Rajamani, vice president of product management.
"By immediately disconnecting employees from their devices, they may have helped to minimize the spread of ransomware," he said.
Atlanta's data was reportedly held for ransom using AES 256-bit encryption. This is one of the safest encryption methods. It is used in many modern algorithms.
There is no guarantee that the SamSam threat actors would actually free up the files and decrypt the data once the ransom has been paid. However, these particular hackers have released systems targeted in past attacks.
In general, those who hold files for ransom free them, because otherwise future threats would become meaningless and nobody would pay.
Still, the city has not given any indication that it will bow to the ransomware demands. Atlanta may be lucky enough to have the option to reject them.
The city's IT department has fulfilled its due diligence in securing critical data, and many of Atlanta's key services have been moved to the cloud. In addition, the city's networks were separated from other systems. Therefore, the public safety systems and the Atlanta Hartsfield Airport are not affected by this attack.
Recovery will be slow, but not impossible, if the ransom is not paid.
"Subtle details in your backup strategy can make all the difference in the world when you want to recover after a ransomware attack," warned Jim Purtilo, associate professor of computer science at the University of Maryland.
"The balancing act is between integrity and availability of your data," he told TechNewsWorld.
On the one hand, you would want very strong protection between your live system and the repository for its backup, Purtilo pointed out. You do not want a similar exploit to block the recovery data, and off-site storage is a common way to ensure that systems are isolated.
"On the other hand, the more isolated our data is, the more of a challenge it is to keep backups up to date," he added. "When you clean malware from a production system, you can recover most of the data from the outside, but it would still be quite annoying to lose data that has changed after a checkpoint."
Prevention of future attacks
The attack on Atlanta should be a warning to other cities and organizations that efforts must be made to harden systems.
"Cover all your IT assets. IT environments are complex, very complex, and they include desktops and laptops, mobile devices, servers and the cloud," said Check Point's Segal.
"Businesses should seek to develop a unified solution that is architecturally oriented to cover all these elements, includes all layers of advanced protection, and focuses on preventing attacks rather than recognizing them," he recommended.
"Maintaining a regular repair routine will close any potential holes in an organization's infrastructure, keeping attackers at bay," Bomgar's Elliott told TechNewsWorld.
"Infrastructure teams should also better segment their IT systems to prevent future malware from spreading laterally through connected networks, to prevent the potential for extensive damage," he added.
The human element
Proactive protection should also include employee training. Attacks often involve social engineering or human error.
"Normally, SamSam ransomware victims are infected by clicking on a malicious link, opening an e-mail attachment, or malvertising," noted SentinelOne's Rajamani.
The SentinelOne Global Ransomware Report found that more than 58 percent of ransomware infections in the public sector were caused by employee carelessness, he pointed out.
"Every city and every government organization should assume that they are a target," warned Rajamani. "Attacks like those in Atlanta are about more than just criminal payouts – they are paralyzing attacks that can bring a city to its knees, as we see."