March 23, 2018 Atlanta: Employees at Atlanta City Hall were handed instructions as they come through the front doors to not turn on computers or log on to their workstations on Friday March 23, 2018. Friday's action comes as city officials are struggling to determine how much sensitive information may have been compromised in a Thursday cyber attack. The city has also received demands that it pay a ransom of an unspecified amount, officials confirmed. But officials had yet to make a determination if it would pay the ransom. Hartsfield-Jackson International took down the wi-fi at the world's busiest airport after a cyber attack on the city. The Atlanta airport's website said after the cyber attack that security wait times and flight information may not be accurate. JOHN SPINK/JSPINK@AJC.COM

City of Atlanta officials provide little detail about cyberattack

Five days after a cyberattack forced City of Atlanta employees to turn off their computers to preserve the city’s network, officials declined to provide the public any new significant detail about the attack’s origin on Monday.

At a press conference at City Hall, an outside computer security consultant for the City of Atlanta said that his firm had completed the “investigation and containment phases” in response to the cyber attack.

“We are transitioning into the recovery phase to include the methodical restoration of critical systems,” said Michael R. Cote, President & CEO of Secureworks, an Atlanta-based firm called in to assist the city.

But as Atlanta Mayor Keisha Lance Bottoms faced questions about what vulnerabilities the investigation uncovered, Cote interrupted a reporter and appeared to contradict his earlier statement.

“Excuse me, excuse me, the investigation is not complete,” Cote said. “We started the early phases of the investigation. We still have a lot of work to do. We are beginning to move into the recovery phase. So there is multiple phases when you do an incident response investigation.”

Cote said he knew who was behind the attack, but declined to identify them.

The city’s Department of Atlanta Information Management at 5:40 a.m. Thursday learned of outages of various internal and customer applications “including some applications customers use to pay bills or access court related information,” according to a statement from Richard Cox, the city’s interim Chief of Operations.

The public safety department, water services and flights out of Hartsfield-Jackson Atlanta International Airport operated without incident, Cox said. 

However, the airport turned off its wifi following the hack and some tools on the airport’s website were down, such as security wait times and flight information. 

“While we aren’t directly affected by the cyberattack, we are being abundantly cautious and have taken these systems offline,” Atlanta airport spokesman Reese McCranie said.

“While we aren’t directly affected by the cyberattack, we are being abundantly cautious and have taken these systems offline,” Atlanta airport spokesman Reese McCranie said.

Bottoms said that city officials hadn’t found any evidence that sensitive employee or public data had been compromised in the Thursday attack. Still she urged employees and residents to monitor their accounts and credit activity.

She also did not rule out paying a $51,000 ransom being demanded to unlock the city’s computer system.

Bottoms compared the attack to a “hostage situation” and argued that the city couldn’t give away too much information.

“We are working around the clock,” she said. “We just continue to ask the public to be patient.”

Employees in five of the city’s 13 departments are performing their jobs “manually,” or are not able to function as efficiently as they have in the past.

Those departments include: Corrections, Watershed Management, Human Resources, Parks and Recreation and City Planning.

The Department of Watershed Management is unable to accept bill payments online or in person or process new water meter sales.

“This is really much bigger than a ransomware attack,” Bottoms said. “This was an attack on our government, which means it was an attack on all of us.”

Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.

Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.