In an unprecedented attack on the IT systems of a major municipal government, hackers are demanding ransom payable in bitcoin after seizing control of computers belonging to the Atlanta city government, AFP reports.
The ransomware assault shut down multiple internal and external applications for the city, including apps that people use to pay bills and access court-related information, Mayor Keisha Lance Bottoms told a news conference Thursday.
The attack also impacted the city's emergency-response services - forcing dispatchers answering 911 calls to take down reports with a paper and pen
"This is a very serious situation," Bottoms said.
City officials said they learned of the attack before dawn Thursday when they detected unusual activity on their servers and discovered that some of the city's data had been encrypted without their consent.
Shortly after, the city government received a ransom note giving instructions for paying to free up files encrypted by the hackers.
The hackers - perhaps having learned from the relatively small take received during previous ransomware attacks like last year's infamous "WannaCry" global assault - are demanding the city pay a relatively modest ransom: Six bitcoins - or about $51,000.
Newsweek reports that a note provided to city officials included step-by-step instructions on how to pay. It linked to a website URL hosted on the dark web. But at a press conference led by Bottoms, officials told the public they are still assessing the extent of the attack.
"The City of Atlanta has experienced a ransomware cyberattack," confirmed chief operating officer Richard Cobbs during the briefing. This attack has encrypted some of the city data, however we are still validating the extent of the compromise."
A statement released to the public read: "The City of Atlanta is currently experiencing outages on various internal and customer facing applications, including some applications that customers use to pay bills or access court-related information."
"At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," it added. "We are confident that our team of technology professionals will be able to restore applications soon."
Bottoms demurred when asked whether the city is contemplating paying the ransom.
On the option of paying the ransom, Bottoms said: "We can’t speak to that right now, we will be looking for guidance specifically from our federal partners on how best to navigate the best course of action. Right now, we are focused on fixing the issue."
"The explanation is simple, we don’t know the extent. I would ask that people assume you may be included if personal data has been breached. We don’t know if it's information related to just our employees or if it’s more extensive than that. Because we don’t know, I think it would be appropriate for the public to be vigilant checking their accounts and making sure credit agencies can also be notified."
The FBI warned in 2016 that victims of ransomware attacks should refrain from paying ransoms, explaining that it would not guarantee that their data would be released, and, furthermore, would only embolden criminals.
That attack hit more than 200,000 companies, hospitals, government agencies and other organizations in 150 countries, but most of the victims opted to let their data be erased rather than pay the ransom.
The FBI and Department of Homeland Security are investigating.
WannaCry, Petya and other major ransomware attacks were carried out using NSA cyberweapons that were stolen by a group called the Shadowbrokers, who've been selling a cache of NSA weapons to whoever is willing to buy them - even launching a subscription service last year. It's unclear what type of ransomware is being used in the Atlanta attack.
Comments
Damn !!! Those Amish Russians, are always one step ahead of us.
Atlanta, the chocolate shithole of the south.
In reply to Damn !!! Those Amish… by Yen Cross
"This is a very serious situation," Bottoms said.
What did the Tops have to say?
In reply to Atlanta, the chocolate… by MagicHandPuppet
Um, backups? And there is a lot of inexpensive (and free) software to protect against this. But, of course, this is Gubmin so, yeah...
And this, of course, on top (no pun intended) of the recent ATL problems. Atlanta does seem to have more than its fair share of "issues" recently? Remind me again who runs Atlanta?
In reply to "This is a very serious… by philipat
What if the government shut down and the average taxpayer didn't notice or care.
In reply to Um, backups? And there is a… by philipat
It's amazing to me, that "The People" continue to have ANY faith in government, at all.
Between the corruption, endless lying, outright criminality, and sheer ineptitude, a thinking person has to ask themselves, "How much longer, can this 'Merry-go-round of Idiocy' continue?"
At what point, does the realization suddenly hit people, that they're placing way too much trust in the wrong kinds of people?
The fact that political gridlock prevents anything meaningful from being accomplished, coupled with the aforementioned problems, is exactly the fuel that gives rise to dictatorships.
Maybe that's part of the plan.
Anyway, some suggestions for you, if you're like me, and really care about your privacy:
If you haven't already done so, consider placing a freeze on your credit with the 3 main agencies, providing you do not have any need to apply for a loan in the short-medium term.
I would also suggest becoming a "ghost", in the sense that:
1. Use different screen names on all of the discussion sites you're active on, linked to different email accounts.
2. The houses are owned by LLC's, as are the vehicles. Utilities are under the names of other people, to whom you pay a small annual fee for allowing the use of their name (Pay all of the bills early, so there is no risk to them, or their credit ratings).
3. Cell phone #1 is a disposable prepaid, with call forwarding active that forwards to another prepaid number, which is how friends/family get in touch. When answering the phone, the caller asks for a different name than yours, and you call back.
4. Have a 3rd phone that forwards to a 4th prepaid phone that only gets turned on to retrieve voicemails. Give out this number to strangers, and use it on forms...doctor's offices, banks, government agencies, anybody who "shares or may share information with 3rd parties".
Note: The point of having 4 phones, is so that you can leave the phones that forward in another location, and add a layer to the tower pings. In laymen's terms, someone tracking you by cell location will see the phones that forward, not the locations the phones forward to (where you are).
For OpSec, #2 is only on, at certain times of day, and stored similar to #4 - #4 is kept without its battery in place, in a signal blocking pouch, and used as needed.
5. Bank accounts are also under different names, non-interest bearing, so no tax impact.
6. Web access is only done via public open access (open wifi), and all online purchases are made using prepaid credit cards, with deliveries to a PO Box (under, you guessed it, another name...). It's a little trickier to setup a PO Box this way now, and places like the UPS Store have looser ID requirements, just FYI. To get around the USPS mail requirements (that all parties getting mail at the box provide ID, fill in an LLC name on the back (Joe Smith, LLC). Mail letters to the LLC, using variations on the spelling, and eventually just drop the LLC, when getting anonymous shipments.
7. Have a valid driver's license, listing the apartment of a friend as the address.
Before anyone gets the wrong idea:
I have no criminal record, at all, and no involvement with illegal activity of any kind (at least in the 'common sense' sense of the Legal code; we all break laws every day...). I am someone who takes their privacy very, very seriously. I also recognize the reality that a person's life can get turned completely upside down in an instant...by lawyers, law enforcement, the media (& God only knows who else)...so:
By setting things up this way, you have a good "buffer zone" between you, and "them".
For marketing, research how to opt-out of the DMA, Axciom, and other companies like this; the requirements vary by company, and it's too much for me to think about, this time of day. Some are simple online submissions, others send you a packet that you fill out, and snail-mail back. It takes some effort, but it's worth it, in the long run. Your junk mail will drop down to almost nothing, and your visibility on the web will, too.
The overall point of this longwinded post is this:
ID theft happens, because Governments and Corporations are irresponsible and reckless with your information. You DO have some control over this, but it takes some effort to reclaim your power. It is worth it, I sincerely promise you that.
In reply to What if the government shut… by are we there yet
$51K is a small price to pay for a hard lesson learned, certainly less than the cost of manually trying to undo the damage at this point. Pay the ransom, take it out of the IT manager's salary and put in a fucking firewall.
I am Chumbawamba.
In reply to Amazing by Croesus
We must raise taxes to pay the ransom! Because I cannot live without my government!!!
In reply to $51K is a small price to pay… by chumbawamba
LOL. Atlanta once again in the Nation's spotlight, and the sign it is holding up says "WE ARE DUMBSHITS". Affirmative action paradise lost.
In reply to I’m old enough to remember… by Liberal
I continue to be bewildered knowing that so many organizations (esp. .gov) are STILL so vulnerable to these kinds of attacks. I guess they don't have any smart IT guys working there for the city of Atlanta, else the top managers won't pay for security.
Then they get whacked for a lot more than they would have paid for a decent team of IT managers.
In reply to $51K is a small price to pay… by chumbawamba
R, given your travels and life's experience, it surprises me that you haven't observed that the Government moves at a snail's pace, when it comes to making intelligent, sensible decisions, that benefit the public.
The only time I ever see a "gleam of intelligence, in Big Brother's eyes", is when they've come-up with an idea that either: makes government grow, strips Peoples' Rights, or benefits the owners.
Below, I've created a chart:
"The Growth of the US Government 1789-2017", with an overlay of "The Rights of American Citizens" capturing the same time period...the chart is in quotations:
"X"
In reply to … by 38BWD22
Nice work here
+1 x 2
In reply to R, given your travels and… by Croesus
Smart IT people are expensive. In govt, the higher salaries are reserved for the politicians and manager types, and they can't afford to hire competence at the technical level.
In reply to … by 38BWD22
It says the website is hosted on the dark web. So all we have to do is approach the dark web's host and tell them to make it stop.
In reply to Smart IT people are… by Automatic Choke
Better yet, pass some more laws and regulations that penalize honest people and have no impact whatsoever on CyberCriminals. Yeah! Your encrypted tax dollars at work.....
In reply to It says the website is… by a Smudge by an…
Just convince the "world" you are a homeless lunatic. Or get seven disposable spouses in three states.
It's not getting any easier.
"It's not the people who USE the computers, it's the people who DESIGN the computers who have all the power." -- The Unabomber (not really) :-[]
In reply to Better yet, pass some more… by FreedomWriter
Oh man, best stay off the chocolate web. Especially after dark.
In reply to It says the website is… by a Smudge by an…
what if the IT guy is the hack? lol...
disgruntled gov.org wonk?
just guessin
In reply to Smart IT people are… by Automatic Choke
That's what happens when your employees watch monkey porn all day.
In reply to what if the it guy is the… by new game
...probably one of the mayor's relatives...
In reply to what if the it guy is the… by new game
It may not necessarily be the fault of IT managers. No one can guarantee what the many users on the system are doing, no matter how much training, warning, and coaxing they provide.
In reply to … by 38BWD22
Yeah, they'd waste $51k in less than 24 hours anyway.
In reply to $51K is a small price to pay… by chumbawamba
Nice referendum.
Hell, Croseus, you're Julius Caesar reincarnated.
In reply to Amazing by Croesus
Excellent.
In my case, I work as a squirrel. They gave me a fake ID, so I used it to create more fake IDs.
Haha.
Some of them are in a safe. They have never been used. But Mr LC can leave as Mr CL.
The house in Bangalore is needing attention. Mr Sajeev needs to head towards Bangalore.
In reply to Amazing by Croesus
in Aus you cant get any phone even a throwaway 10$ one without showing licence and adresses ID
ditto PO boxes and the rest
if you want to see how controlling a 1st world democratic?nation is of citizens than look no further
mandatory vac for kids
and now mandatory chip n desex to own any dog in Sth Aus and coming soon elsewhere
you cant even place an ad to sell a pup w/out chip number IN the ad.
only way to manage money is to remove it from all banking which increases personal risk of theft etc
In reply to Amazing by Croesus
@ Amicus:
I knew things were f-ed up in Oz, but damn, man. No way I'd "chip" a pup, or any other animal in my care.
Here in the States, we naturally have piles of our own government stupidity laying about everywhere...
Remember, "It's for safety!" (As if a bunch of fat bureaucrats would actually protect anything, other than their power & largesse).
In reply to in Aus you cant get any… by Amicus Curiae
Nigs run the City. No intelligence exists.
In reply to Um, backups? And there is a… by philipat
When the collapse comes, all the cities over 1 million, in the US will burn to the ground.
In reply to Nigs run the City. No… by lakecity55
The quick and dirty way is to backup data directly to "online" hard drive storage.
Only problem is, if your online backups become encrypted by the same malware that zapped your mainline systems, you're done for
Looks like they're done for...
In reply to Um, backups? And there is a… by philipat
Infect the system, wait for the backup cycle to revolve. Pull trigger.
IT Restore files make it worse!
I had a virus go through to a backup, shit of a thing to get rid of.
In reply to The quick and dirty way is… by vaporland
All true. But a decent risk management program will fix that and all the other dumb things IT folks do when they can get away with it. This sort of event almost always reveals that the backup systems in use are inadequate, vulnerable, or simply won't work when needed. Happens every day somewhere. Those who've been stung usually get it right afterwords, but it almost always costs the jobs of a few ITers.
.
In reply to The quick and dirty way is… by vaporland
"NSA cyberweapons" - Well now we know where all this $hit comes from... We are paying our government for these NSA MF'ers to make ransomware virus's. And previously our lovely government lied and said it was created by Russian hackers...
In reply to "This is a very serious… by philipat
And the release of all these cyberweapons lets the 'intelligence agencies off the hook. Meaning, Probably also means that they have much better ones, that point to Russia, Iran or China. I wonder what NK did to appease the banksters. They just dropped off the radar.
In reply to "NSA cyberweapons" - Well… by Yellow_Snow
The tops [banksters] were too busy looting the serfs.
Where's Knuckles? Paging Knuckles?
I know exactly where Knuckles is. {Pension Land}
Grow some balls Knuckles, unless you're doing Cancer therapy at Aviaria?
In reply to "This is a very serious… by philipat
Tis merely the translation. What she probably say was more like" Dang dis some serious shee-it." Keisha Bottoms said.
In reply to "This is a very serious… by philipat
Atlanta Mayor Kissya Bottoms. I think that says all that needs to be said.
In reply to Atlanta, the chocolate… by MagicHandPuppet
I thought it was a Negro shithole?
In reply to Atlanta, the chocolate… by MagicHandPuppet
Please don't deride Chocolate. Chocolate is great. Atlanta is a nigger shithole.
In reply to Atlanta, the chocolate… by MagicHandPuppet
They need to put signs stating “NO RANSOMWARE ATTACKS ALLOWED “
In reply to Damn !!! Those Amish… by Yen Cross
Better yet, pass a law prohibiting Ransomware. That'll show those bad guys!
In reply to They need to put signs… by Fester
There you go: they forgot to prominently display "NO RANSOMWARE ZONE" on the homepage of their website.
-chumblez.
In reply to They need to put signs… by Fester
Only you, decide what you want to decipher.
Welcome to the matrix.
It's been going on since the "Cave Man" days.
The "Adjustment Bureau" is laughing their asses off.
In reply to They need to put signs… by Fester
Our fire department got their server encrypted recently, dipshit firefighters logging in to the server, then surfing the web. If you knew how dumb most cops and firefighters really were, you would never fucking call 911.
We let them sweat for about 4 hours or so, then restored the server from a recent full backup. Did anyone get fired? Any policy changes? Any thanks?
HAHAHAHAHAHA.
In reply to Damn !!! Those Amish… by Yen Cross
BTCP "Bit Coin Private" would be a better payment choice then BTC
Not traceable
In reply to Damn !!! Those Amish… by Yen Cross
Okay, lets talk about the wind.
When 's the last time you harnished the wind?
I just want some good Mexican food.
In reply to BTCP "Bit Coin Private"… by bushboy
Wtf is harnished? A smelly vagina?
In reply to Okay, lets talk about the… by Yen Cross
The attack was probably from Chicago - just trying to pay down some of that pension obligation.
In reply to Damn !!! Those Amish… by Yen Cross
I'm more worried about what our government, and the deep state that runs it, is doing. I'm suspicious of everything these days. Call me paranoid....I don't care.
This is a false flag, guaranteed. Real hackers would demand payment in Monero, not bitcoin. Monero is truly untraceable.
In reply to I'm more worried about what… by headless blogger
Thank you! You will see more and more of this. Just to get legislation passed against crypto. Last time I checked drug dealers, terrorist, and Clintons took federal reserve notes. Let's ban the real problem.
In reply to This is a false flag,… by aurum4040
Pagination