The city of Atlanta is just one example of how poorly equipped our cyber defenses are versus the technologies that the cyber criminals employ to attack and infect. We must adopt new technologies that focus on prevention, or this will continue to happen over and over again. Every single year, cyber crime is getting worse and worse — at an exponential rate.
Cyber crime will exceed $2 trillion in 2019, according to Juniper Research. Cybersecurity Ventures, a researcher of the global cyber economy, indicated in its most recent annual cybercrime report that in 2021, cybercrime will top $6 trillion — that is more than the entire economy of the United Kingdom.
It’s a huge threat to Americans; right now the cyber criminals are winning. In March 2018, the city of Atlanta was hit with a ransomware called SamSam that cost the city millions to recover from.
Cities Hit by Ransomware
SamSam was a massive breach for the city of Atlanta that initially made headlines, but was then forgotten in the news cycle. The aftermath of this cyber attack– which cost taxpayers millions of dollars — was never widely publicized. SamSam previously was successful in penetrating the city of Farmington, New Mexico, and the Department of Transportation in Denver, Colorado, but the city of Atlanta wasn’t paying attention to the threat.
The virus demanded a ransom of $55,000, which Atlanta officials refused to pay. Mayor Keisha Bottoms, only five weeks on the job, went on TV to warn citizens to check their bank accounts if they had ever made an online payment to the city of Atlanta.
In response to the attack, the city of Atlanta experienced $17 million of unforecasted expenses, which do not include measure of impact to citizens. Some of the consequences of the ransomware attack on the city were:
- Online payments were halted
- Police began issuing paper tickets
- Years of bodycam and police car video were lost
- Municipal court records were lost, clogging the system with frustrated citizens unable to resolve matters
It took two months to reinstate online water payments and it was October before police ticket payments were operational again, since all of those paper tickets had to be manually entered back into the system.
There are many lessons to be learned from this cyber attack on the city of Atlanta, here are eight of them.
#1 Bring the IT professional
No one expects the mayor of a major city to be an IT expert or how to handle a ransomware attack. While Bottoms was taking the arrows, there was likely someone behind the scenes running it. That person should have been the spokesperson to address the public since they understood firsthand the scope of the attack and could answer questions in an educated, professional manner.
#2 Restore Operations
It is the common wisdom that when faced with a ransomware situation, do not pay the ransom. The more payments to the criminals, the more attacks we will continue to have. However, once the decision is made to not pay, the focus must turn immediately to restoring operations as quickly as possible. Atlanta police were writing electronic tickets three months after this attack occurred, and those ticketed had to wait more than six months to be able to make those payments online.
#3 Get the Facts Right
The objective of today’s ransomware is to encrypt critical files, and collect a ransom for the decryptions key. To date no ransomware has stolen or monetized personal information. By hinting to the public that there was a larger risk — by suggesting they check their personal bank accounts — Bottoms put unnecessary stress into an already stressful situation.
#4 Protect the Video
Every police car and police officer in a modern police force has cameras and that footage is being viewed more and more regularly. Video is being captured faster than it can be stored making it impossible to create backups for the plethora of footage. In order to protect those files, the focus must move to the prevention of ransomware as opposed to remediation after the fact.
#5 Realize the Federal Government Can’t Help
One of the city of Atlanta’s first moves was to call the FBI. Unfortunately there’s nothing law enforcement can do to catch modern cyber criminals. Today’s ransomware features two important innovations: encryptions keys and Bitcoin payments. A payment in a crypto currency guarantees the anonymity of the attackers, and that no government agency can identify, prosecute and punish the perpetrators.
#6 Know the Attackers are Watching
The Atlanta infection was perhaps one of the most public and televised ransomware attacks. The concern is what would happen if the motivations of the malware creators turned from money to harm and destruction of our country. The perpetrators of the 9/11 attacks planned for five years to attack in one day. Rather than attacking our buildings, they will go after our networks. They are watching.
#7 Check Antivirus
The role of antivirus is to detect and prevent the ransomware from entering the network. As ransomware continues to improve its technical sophistication, the underlying architecture of antivirus is largely the same. Antivirus is based on a black list of known threats and viruses. Ransomware has reached a level of sophistication that it can infect with alarming ease. As a society, we must start to adopt new technologies that focus on prevention rather than remediation.
#8 Share Antivirus Failures
The reality is that some antivirus products in the marketplace have proven ineffective at blocking modern attacks. When products fail, as is the case with any successful ransomware infection, cities should share which antivirus failed them.
It’s time for cities to get serious about cyber threats, and sharing information is critical.
About the Author
Rob Cheng is a cybersecurity expert with more than 30 years experience in the computer industry. The former Gateway senior vice president educates IT professionals from all over the world about the dangers of cyber terrorism and ransomware. He is also the founder of PC Pitstop and creator of PC Matic anti-virus software.
Access our previous coverage of ransomware and cybersecurity strategies for cities: