Now in its fifth day, the city of Atlanta’s comprehensive effort to overcome a ransomware cyberattack is pivoting to focus on restoration, the head of a security company brought on to assist the municipality said during a press conference at City Hall on March 26.
As they had during news events on the day of the attack, March 22, and on the following afternoon, officials were tight-lipped about the type of attack and what person or group could have been behind it.
Those who spoke offered few specifics about the extent to which it penetrated the city’s hardware and online presence and whether a ransom might still be paid.
Michael R. Cote, president and CEO of security solutions company Secureworks, a Dell Technologies subsidiary headquartered in Atlanta, said the firm is “committed to helping the mayor’s team with the city’s continued success,” and has directed subject matter experts to get mission-critical systems back online “as prudently and expeditiously as possible” while ensuring their security.
The endeavor, which is joined by the federal Department of Homeland Security, the U.S. Secret Service and the FBI as well as the city’s incident response team and its counterparts from Microsoft and Cisco, has shifted from investigation and containment to recovery, Cote said, and “the methodical restoration of critical systems.”
But, the city’s Chief Operating Officer Richard Cox said again, major areas of Atlanta’s enterprise, including its airport, police, fire, 911 and emergency response systems, have continued to operate largely as intended, though some noncritical processes may take longer.
Elsewhere at city hall and in local government, Cox said, inspections and scheduling are being done manually, and arranged via telephone; walk-ins to appear in municipal court will be unavailable until services are restored; and inmates taken into custody by the department of corrections will be handled with manual tickets.
But, said the COO: “Customers who were set for court will not be penalized during this time.”
Mayor Keisha Lance Bottoms reiterated her warning to those who have done business with the city via the Internet to carefully watch their online and financial information, but said there’s no indication residents’ confidential data has been captured.
“Once we are on the other side of this, we will know exactly what information has been compromised. As of right now, we don’t have anything that points to anyone’s personal information being compromised,” said Bottoms, who confirmed the city does have a backup of its sensitive information.
Asked whether any vulnerability exploited had been patched, Bottoms said officials are scrutinizing the entire system with an eye for long-term solutions. Questions about who may be behind the attack and how they got in were referred to Secureworks, whose CEO said, “We don’t think it’s productive in an ongoing investigation to talk about it,” while confirming officials do know who or what entity is believed to be responsible.
Like Bottoms, he described the response as a marathon, not a sprint.
Asked why Atlanta, a municipality, was attacked for money (an incident that reportedly saw hackers demand just 6 bitcoins, or around $50,000, for a mass encryption key), Bottoms pointed out that numerous cities and medical institutions not necessarily known for their wealth have been compromised by ransomware in the past.
“Maybe that’s the reason they’re asking for $51,000,” the mayor said, appearing to allude to a ransom demand.
“We have to really make sure that we focus on the things that people can’t see, and digital infrastructure is very important. Certainly not something that I thought on Day 70 would become a priority of this administration, but at Day 80-something, it certainly has gone to the front of the line,” said Bottoms, who was sworn in Jan. 2.
As to whether Atlanta might be approaching an inflection point in the decision of whether to pay a ransom — something some experts advise against — Bottoms said:
“Everything is up for discussion and I have shared that I have my feelings about that, but as we are operating in the infancy of this. We are not even a full week in, I want to ensure that everything remains on the table for consideration.”