Its major emergency response systems were unaffected by a ransomware cyberattack that shuttered many computers at city hall, but some areas of Atlanta municipal government are still recovering from the March 22 breach, which made national news.
To date, officials have not publicly discussed the origin of the attack. And the FBI, U.S. Secret Service and Department of Homeland Security have all assisted the city’s incident response team, as have units from Microsoft, Cisco and security solutions provider Secureworks.
Service at Hartsfield-Jackson Atlanta International Airport, the nation’s busiest airport, was never disrupted, Nikki Forman, press secretary in Mayor Keisha Lance Bottoms’ office, said via email.
The airport’s Wi-Fi, which “was voluntarily disabled out of an abundance of precaution,” Forman said, was restored on April 2 according to the airport’s Twitter account.
The free WiFi system at #ATL is up and running. To all - thank you for your patience.— Atlanta Airport (@ATLairport) April 2, 2018
Similarly, “Atlanta Police Department’s ability to respond to 911 calls and emergencies has not been impacted,” the press secretary said.
“We temporarily returned to handwritten incident reports but have begun using our incident report database, allowing officers to resume filing incident reports electronically. Additionally officers are able to take out arrest warrants and check for outstanding warrants,” Forman said.
“I want to be clear that for many services, telephone and paper options were always available and not simply the default due to the cyberattack,” Forman added.
City hall employees “have been instructed to turn on their computers,” the press secretary said, declining comment on the extent to which computers and electronic archives remain affected “as this is an ongoing investigation.” According to a news release, city hall computers and printers were first activated again on March 27, roughly five days after the attack.
Forman also declined to discuss the attack’s origin or type, whether officials have paid a ransom demand believed to be around $50,000, and how the city’s short-term cybersecurity posture has changed since the attack.
Asked via email how the city would update or strengthen its longer-term cybersecurity position, Forman referred to the mayor's March 26 press conference. During that event, Bottoms indicated “everything” could be on the table, with respect to the city’s restoration of its infrastructure.
“I think what we see is that more work remains to be done with our digital infrastructure in the city of Atlanta. Certainly this has sped things up,” said the mayor, who characterized the breach as “much bigger than a ransomware attack.”
“This is an attack on our government, which means it’s an attack on all of us. We need to make sure we’re doing all we need to do to keep secure,” Bottoms added.
Elsewhere across Atlanta’s spectrum of city services, the city announced on March 30 that the Atlanta Municipal Court was still unable to process online or in-person ticket payments, and Failure to Appear walk-in Court “will not resume until systems are restored.”
The city’s online business license payment and renewal platforms were also inaccessible as of March 30, as was the portal used to create an electronic version of a business license. Businesses were given until April 20 to pay for their business licenses without penalty.
Online and telephone water and sewer bill payments were unavailable as of March 30, but its departments of Watershed Management and Finance were able to accept water and sewer bill, and business license payments in person at city hall. No late fees will be levied until all payment options and billing cycles are restored.
New water meter sales, which had been interrupted, were resumed by cash payment. Similarly some Department of City Planning processes, including inspection assignments, could be “slower than normal,” but were fully operational the city said and employment applications had resumed at the Department of Human Resources.