Employees at Atlanta City Hall were handed instructions as they come through the front doors to not turn on computers or log on to their workstations on Friday March 23, 2018. JOHN SPINK/JSPINK@AJC.COM

Attack on Atlanta’s computer system impacting services

Atlanta’s newly elected mayor on Friday predicted that the city would continue to experience a “massive inconvenience” in the aftermath of a ransomware cyber attack that prevented city employees from using their computers and prompted discussions about a costly rebuild of the city’s entire computer network.

“But it is not a matter of life or death,” said Mayor Keisha Lance Bottoms at a press conference Friday afternoon at City Hall.

Officials said they are not able to provide details about where the attack began, the amount of data that might be affected, or whether they were considering paying a $50,000 ransom requested by the hacker.

“We are deeply into active investigation, incident management mode,” said Daphne Rackley, the city’s interim chief information officer. “What that means is that we are not ready to share any definitive statements, because … the data and the information changes on a regular basis.”

Bottoms said that city officials hadn’t found any evidence that sensitive employee or public data had been compromised in the Thursday attack. Still she urged employees and residents to monitor their accounts and credit activity.

The attack did cause some disruptions to city services and to employees.

On Friday, workers were handed instructions as they came through the front doors to not turn on computers or log on to their workstations.

Residents coming to Atlanta City Hall to pay bills were turned away Friday. Corrections officers processed inmates manually. And the City Council was making plans take voice votes and work off of paper at meetings next week.

The city’s municipal court could not process ticket payments in person or online or validate warrants.

Richard Cox, Atlanta’s interim chief operating officer, said the city would not issue failure to appear warrants for cases scheduled to be heard during the outages.

The city’s emergency management systems, along with Hartsfield-Jackson Atlanta International Airport systems, had not been impacted although the airport had shut down its wifi.

“I tried to connect,” said traveler Kate Clough, who lives in Sugar Hill and just landed at Hartsfield-Jackson on Friday after a business trip to Philadelphia. “I assumed I would be able to e-mail all the work I did on the plane once I landed, but now I have to wait an hour until I get to Sugar Hill.”

The business of attacks

Bojan Simic, founder of the Bitcoin Security Project and Chief Technology of the New York City based of HYPR Corp., said that ransomware attacks have gone from targeting individuals to large corporations and government bodies where much more is stake.

Simic said ransomware attacks have their own business model. Information is frequently de-crypted once payment is made to ensure others will also pay. Ransom amounts are based on the value and amount of compromised data.

The $50,000 figure in Atlanta’s case surprised him, Simic said, adding that it indicated that the information that the city could no longer access was valuable.

“This amount is a little bit concerning to me,” Simic said. “They probably did some cursory investigation of the data and of the system that they have hacked and saw that they probably do not have backup data, so they can charge more money.”

The city declined to provide any details about the nature of the data the attack jeopardized.

William “Chip” Collins, Jr. of the law firm Burr & Forman LLP’s Atlanta office, said that under state law the city must notify people once it believes their data may have been breached or it could face potential legal claims.

The city obtained a cyber attack insurance policy in advance of the attack.

But the city’s Chief Financial Officer Jim Beard declined to disclose the costs of the deductible or policy limits, saying that it might encourage future attacks.

Post 1 At Large Councilman Michael Julian Bond said that he was “pretty confident” that the situation would be resolved “in a few days.”

He also said this successful hack may encourage other attacks.

“As daunting as the city of Atlanta’s apparatus may seem, we’re still limited by the amount of resources we have to defend our systems,” Bond said. “So we’re going to have to make is as much of a priority as it has already been, and we’re going to have to increase it.”

Time to upgrade?

Stacey S. Farrell, of the Farrell Law Firm, said municipalities are often vulnerable to cyber attacks because of their outdated hardware.

Farrell said cities often resist investing in their computer networks but use third party applications to satisfy customer demands. Those outdated systems were often never intended to use modern day applications, she said.

While she couldn’t speak specifically about the city’s network, Farrell said it would be “more unusual for the city to have modern, state of the art [systems] than what we typically see.”

Bottoms seemed to acknowledge as much when she compared the city’s network to a decade-old pickup she drove until it was wrecked.

“It was an opportunity to upgrade and make some improvements, and that’s the way I have charged our team to look at this situation,” Bottoms said.

When the mayor heard that some council members wanted to completely rebuild the city’s computer network despite significant costs, she said: “I thank them in advance for that approval.”

Reporters Kelly Yamanouchi and Tyler Estep contributed to this article

Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.

Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.