A series of leaked emails dating back to June seem to indicate that software from an outside vendor last week may have been the source of infection for a ransomware cyberattack that has disrupted much of Atlanta's computer network ,
But a security expert who reviewed the correspondence on behalf of The Atlanta Journal-Constitution and Channel 2 Action News said Thursday that the records show that the city has not done enough to address several warnings that its Network was not sufficiently secured  "There is definitely negligence," said Tony UcedaVelez, CEO of Versprite, an Atlanta-based security services company that provides cyber-security to businesses. "It may be that this [the emails] is an incomplete story, but for the most part it tells me that they have not studied enough the security threat that was found a long, long, long time ago."
The FBI , the Department of Homeland Security and intelligence support Atlanta in an ongoing investigation into a ransomware cyberattack ̵
The city has yet to tell if it will pay the $ 51,000 that hackers have demanded in this case, the form of bitcoins, a virtual currency that obscures the identity of the recipient
MORE: The court hearings in Atlanta are following suit moved to the computer hack
On Tuesday, city officials were told they could turn their computers on after shutting off the last five days to prevent the ransomware from spreading. Some computers worked as if they had not been infected. Others contained locked files.
The city has released little information after the attack. In response to questions about the emails on Thursday, a city spokeswoman repeated the same statement she had made the day before.
"Cybersecurity is a topic that affects many governments and leading organizations around the world," said Anne Torres. "As cyber security challenges evolve, we need to invest in our infrastructure and be vigilant to ensure that our security measures continue to keep pace with the threats we face."
The emails include in-depth discussions between staff from the Department of Atlanta Information Management, city council, and clerks over an eight-month period via an encoder from Accela, a Atlanta-based company. The Encoder helps stream the video from City Council meetings across multiple devices.
The city received its first warning that the computer with the encoder was infected on June 15 with ransomware called "Wcry".
"Please AIM (Atlanta Information (Management) to perform a scan on the PC, or disable the port to allow viruses to propagate into the network," wrote a city council information technology manager the next day.
In July 17, in response to an apparent second warning about "Wcry" ransomware on the computer, the director of the city's corporate application information technology contacted about disabling the port of the computer with the encoder.
"It seems hacked
Two months later, an employee at the Atlanta City Administration Office emailed Accela's support department about another attack on "urgent cyber security incident."  "The encoder causes a security attack on our network," the employee wrote. "I also call your support to to investigate this problem. "
But UcedaVelez said the most likely scenario was that the city's network had infected the encoder.
"You put the problem on the seller," said UcedaVelez. "And they associate the malware found on the system, it's highly unlikely … that Accela was the channel to bring this ransomware into the city's system, and the ransomware is more likely to be there due to poor network security which in turn is on the shoulders of the city of Atlanta. "
READ | City employees are allowed to use computers after Atlanta Hack
READ | Atlanta City computer network remains limped due to cyber attack
On February 10, about a month before last week's ransomware attack, an external cyber security specialist warned that a computer with an Accela device was "high risk"
Computer and a "blacklist" IP address, such addresses are known to collect data about ransomware – victims in the run-up to an attack.
"These connections could be command-control traffic, propagation attempts, or a recall of malware representing an infection," wrote Jerrid Byrd of the San Diego-based security on-demand.
That was an indication, UcedaVelez said, that cybercriminals are ready to attack and already know the city's computer network about their
"The best way to monetize an attack if you're a cybercriminal to stay in a network for as long as possible, "said UcedaVelez. "So you can milk it for anything worth it, and you can find the right time to do enough educational work, not to be annoying, to sit in the corner and gather information to help you" attack To be able to orchestrate.