Case Overview
22 March, 2018 the City of Atlanta suffered from a ransomware attack. Many devices at City Hall were shutdown. SamSam Ransomware was to blame. Demanded $51000 and the city refused. Shutdown the main devices for 5 days. Many of the operations returned to the traditional handwriting 😊. Atlanta disabled WiFi at the airport up until the 2nd of April.
Timeline
22 March, 2018 - ransomware strikes.
May - online water bill payment restored.
June - online bill payment option and docket boards returned.
Lessons Learned
Upgrade on a regular basis! $6m was spent on security services and updates + $11m potential costs for desktops, laptops and tablets. This was the costliest attack against US gov despite that they refused to pay the ransomware. They should have known their infrastructure, segment their network, have a backup plan and multifactor auth.
References
[1] IBM course