Ransomware strikes again: Atlanta held hostage by hackers

A sophisticated ransomware attack has left the city of Atlanta crippled and cyber-security experts racing to figure out how it happened. The attack has highlighted the importance of cyber-security on both an individual and institutional level as poor defenses embolden criminal hacker groups.

What happened in Atlanta?

On the morning of Thursday, March 22nd, employees at various municipal agencies in Atlanta discovered that they couldn’t access their files. The only city government agencies unaffected were 911 emergency services, first responders, municipal water services, and functions essential to the operation of Hartsfield Jackson International Airport (although travelers couldn’t even use the Wifi).

However, almost every other online city function was disabled, with police filing tickets and reports by hand and city residents paying their bills the old-fashioned way.

The city government confirmed that they’d received a ransom note for roughly $51,000. The deadline to pay – 7 days. Investigators have identified the attackers as Gold-Lowell, an organized and active group of hackers that have carried out a number of carefully planned ransomware attacks over the past few years. Their tool of choice is usually a piece of malware called SamSam.

As is usually the case in their attacks, the Gold-Lowell group provided the city with a website through which it could contact them and even send up to 2 encrypted files to prove that the hackers had a working decryption key. However, that website was shut down after it was leaked and journalists began to flood the anonymous hackers with questions.

Fortunately, the city government claims to be regaining control and has asked employees to begin switching on their computers.

In the past, Gold-Lowell has targeted hospitals, law enforcement agencies, and other institutions that often did not have the luxury of waiting for an alternative solution. They and other attackers often demand their ransoms be paid in cryptocurrencies, making it extraordinarily difficult to track them.

Attacks like these have shown just how insecure many institutions are and how important it is to secure them. Otherwise, it is only a matter of time before the attacks become more frequent and more dangerous. “Luckily,” some hackers have limited their breaches to relatively harmless pranks, like when Dallas’ tornado alarms were set off during one night in 2017 at 11:42 PM during clear weather.

Can you be targeted by ransomware?

Ransomware can target businesses, government institutions, or even individuals. David Beckham was famously targeted by ransomware hackers who demanded €1,000,000 in order to refrain from publishing embarrassing emails. Indeed, anyone with files they can’t afford to lose is a potential target. Non-targeted attacks can cast a wider net as well. Anyone infected who can’t or won’t pay loses their files, and anyone who can pay nets the hacker a hefty profit.

What can you do to avoid this situation

If you are hit by ransomware, experts warn against paying the ransom if at all possible. Because of the attacker’s anonymity and the ability to easily copy digital files, there’s little guarantee that they will unlock the files or truly relinquish access to or possession of your files upon payment.

Ransomware usually spreads just like any other piece of malware, so the same defenses apply:

• Use a robust firewall that will make it harder for malware to infiltrate your system.
• Regularly update your software and OS. Updates often include critical security fixes that seal vulnerabilities that hackers have already used to target others.
• Install an antivirus system that will help prevent you from accidentally downloading malware.
• Mitigate ransomware attacks by maintaining secure backups. You could use a cloud service, but these come with their own privacy concerns. On the other hand, a periodically updated, secure offline backup (which could be as simple as a USB external hard drive) will virtually guarantee access to your files in the event of malicious encryption.
• Educate yourself about how to see through phishing scams and other forms of social engineering. If a hacker or scammer can fool you, they can bypass all of your security systems.