With paper and phones, Atlanta struggles to recover from cyber attack

Via MSN

Picture illustration: silhouettes of laptop users next to a screen projection of binary code.

Atlanta’s top officials holed up in their offices on Saturday as they worked to restore critical systems knocked out by a nine-day-old cyber attack that plunged the Southeastern U.S. metropolis into technological chaos and forced some city workers to revert to paper.

On an Easter and Passover holiday weekend, city officials labored in preparation for the workweek to come.

Police and other public servants have spent the past week trying to piece together their digital work lives, recreating audit spreadsheets and conducting business on mobile phones in response to one of the most devastating “ransomware” virus attacks to hit an American city.


Three city council staffers have been sharing a single clunky personal laptop brought in after cyber extortionists attacked Atlanta’s computer network with a virus that scrambled data and still prevents access to critical systems.

“It’s extraordinarily frustrating,” said Councilman Howard Shook, whose office lost 16 years of digital records.

One compromised city computer seen by Reuters showed multiple corrupted documents with “weapologize” and “imsorry” added to file names.

Ransomware attacks have surged in recent years as cyber extortionists moved from attacking individual computers to large organizations, including businesses, healthcare organizations and government agencies. Previous high-profile attacks have shut down factories, prompted hospitals to turn away patients and forced local emergency dispatch systems to move to manual operations.

Ransomware typically encrypts data in place rather than stealing it: the files become unreadable, but in most cases they have not left the network. The city of Atlanta has said it does not believe private residents’ information is in the hands of hackers, but it does not know for sure.

City officials have declined to discuss the extent of damage beyond disclosed outages that have shut down some services at municipal offices, including courts and the water department.

Nearly 6 million people live in the Atlanta metropolitan area. The Georgia city itself is home to more than 450,000 people, according to the latest data from the U.S. Census Bureau.

City officials told Reuters that police files and financial documents were rendered inaccessible by unknown hackers who demanded $51,000 worth of bitcoin to provide digital keys to unlock scrambled files.

“Everything on my hard drive is gone,” City Auditor Amanda Noble said in her office housed in Atlanta City Hall’s ornate tower.

City officials have not disclosed the extent to which servers for backing up information on PCs were corrupted or what kind of information they think is unrecoverable without paying the ransom.

Noble discovered the disarray on March 22 when she turned on her computer to discover that files could not be opened after being encrypted by ransomware known as SamSam, which renamed them with gibberish.

“I said, ‘This is wrong,'” she recalled.

City officials then quickly entered her office and told her to shut down the computer before warning the rest of the building.

Noble is working on a personal laptop and using her smartphone to search for details of current projects mentioned in emails stored on that device.

Not all computers were compromised. Ten of 18 machines in the auditing office were not affected, Noble said.

OLD-SCHOOL ANALOG

Atlanta police returned to taking written case notes and have lost access to some investigative databases, department spokesman Carlos Campos told Reuters. He declined to discuss the contents of the affected files.

“Our data management teams are working diligently to restore normal operations and functionalities to these systems and hope to be back online in the very near future,” he said. By the weekend, he added, officers were returning to digital police reports.

Meanwhile, some city employees complained they have been left in the dark, unsure when it is safe to turn on their computers.

“We don’t know anything,” said one frustrated employee as she left for a lunch break on Friday.

FEEBLE

Like City Hall, whose 1930 neo-Gothic structure is attached to a massive modern wing, the city’s computer system is a combination of old and new.

“One of the reasons why municipalities are vulnerable is we just have so many different systems,” Noble said.

The city published results from a recent cyber-security audit in January, and had started implementing its recommendations before the ransomware virus hit. The audit called for better record-keeping and hiring more technology workers.

Councilman Shook said he is worried about how much the recovery will cost the city, but that he supports funding a cyber-security overhaul to counter future attacks.

For now his staff are temporarily sharing one aging laptop.

“Things are very slow,” he said. “It was a very surreal experience to be shut down like that.”

Mayor Keisha Lance Bottoms, who took office in January, has declined to say if the city paid the ransom ahead of a March 28 deadline mentioned in an extortion note whose image was released by a local television station.

Shook, who chairs the city council’s finance subcommittee, said he did not know whether the city is negotiating with the hackers, but that it appears no ransom has been paid to date.

The Federal Bureau of Investigation, which is helping Atlanta respond, typically discourages ransomware victims from paying up.

FBI officials could not immediately be reached for comment. A Department of Homeland Security spokesman confirmed the agency is helping Atlanta respond to the attack, but declined to comment further.

Hackers typically walk away when ransoms are not paid, said Mark Weatherford, a former senior DHS cyber official.

Weatherford, who previously served as California’s chief information security officer, said the situation might have been resolved with little pain if the city had quickly made that payment.

“The longer it goes, the worse it gets,” he said. “This could turn out to be really bad if they never get their data back.”

22 Comments
Hammer's Thor
April 1, 2018 8:40 pm

Linux. Using anything else [Windows] is akin to playing Russian Roulette with a loaded Glock.

Oh. And once a week, EVERY WEEK, disconnect your system from the internet and do a complete backup on a removable hard drive, then remove it before you plug back in. Please.

The Last Mile (in reply to Hammer's Thor)
April 1, 2018 8:58 pm

You offer excellent advice. For those who don’t want to be troubled by the complexities of Linux and/or backing up the way you describe, there are lots of simple anti-ransomware solutions out there. Malwarebytes has one that is free. Windows 10 has the protection built in, as long as it is turned on. And now MS even has URL detonation built in so nasty links are destroyed before a user can even click on them.

Atlanta just has a bunch of political appointees instead of actual trained IT professionals who could have easily stopped this. Your tax dollars at work

Westcoastdeplorable (in reply to The Last Mile)
April 1, 2018 11:19 pm

Thumbs up for Malwarebytes. Their software is free and since I’ve been running it I’ve not had any virus infections. Main thing you get if you pay is automatic scans.

Anonymous (in reply to Westcoastdeplorable)
April 2, 2018 8:39 am

Did you have any virus infections before Malwarebytes?

Only problem I’ve ever had is the usual adware crap that everyone using the internet has to deal with now and then.

Just never ever open any attachment in an email that you aren’t already expecting to receive from someone you know, and never click on a link in an email no matter what unless you look at the headers first to verify where it came from and you know it is a safe link. You’ll avoid almost all risk that way since that is the common way to transmit a virus or malware.

Hammer's Thor (in reply to The Last Mile)
April 2, 2018 2:00 am

It’s difficult to imagine Atlanta being so forward thinking as to upgrade to Windows 10. I imagine they’re somewhere between 3.1 and Millennium {grin}.
When we switched over to Linux it was painless and free. Never looked back. No antivirus, anti malware, anything, and haven’t had to spend hours rebuilding a broken system.
Indeed, Malwarebytes is a fantastic choice for anyone sticking with MS. I also recommend some sort of backup, either cloud or removable drive, just in case, and there will eventually be a case. I am admittedly very ocd about backups. I even have everything important (that isn’t already printed) on Blu-ray optical backups, stored in a dark, fireproof place. You know, for recovery after the EMP. And an old laptop in a metal trash can too?
Be safe everyone.

Gilnut (in reply to Hammer's Thor)
April 2, 2018 8:02 am

Just an FYI, while Linux is absolutely MUCH more stable than Windows could ever dream of being, ‘out of the box’ many Linux distros come running MANY services that can be taken advantage of to compromise the system. I very much advise looking into locking the desktops down as much as possible, as well as having a robust personal firewall. Just sayin…..

C1ue (in reply to Hammer's Thor)
April 2, 2018 9:27 am

Idiotic.
Linux does not stop a cyber attack.
SamSam in particular is not a “drive-by” attack – i.e. email attachment or web site/download – it is a tool used by live persons. The encryption is just the final stage of monetization.
It is actually easier to encrypt a Linux box once you have entry and privilege since Linux has no capabilities for system preservation like Defender.
Linux is security by obscurity, except it isn’t so obscure either.

gilberts
April 1, 2018 9:59 pm

I can’t wait to see what happens when hackers can turn off an entire city! Won’t that be exciting? Watch them shut off the water, power, infrastructure, 911, ATC, etc. Remember that Die Hard sequel?
“It’s a fire sale.”
“What’s a fire sale?”
“Everything has to go.”
The FSA will go apeshit when the EBT stops running and the cops can’t respond.

AC
April 1, 2018 10:00 pm

The FBI should do a comprehensive financial audit of Atlanta, going back at least 25 years, to be certain the hackers caused no problems. I’m sure the city of Atlanta would be quite welcoming to a herd of FBI forensic accountants. After all, what could they possibly have to hide?

They should go over the electoral rolls, too, to ensure the hackers didn’t add a bunch of dead and/or imaginary people for some reason – presumably as Democrat voters.

whiskey tango foxtrot
April 1, 2018 10:54 pm

Wait. This is Wakanda, right? Ain’t nothin’ a little Vibrainium can’t fix.

MrLiberty
April 2, 2018 12:24 am

The ransom was only $50,000. I seriously can’t believe that it hasn’t cost 10 times that at least by now (well, cost the taxpayers….the worthless pieces of shit in the Atlanta government aren’t paying the costs).

rhs jr
April 2, 2018 5:09 am

State Capital and Everything Hub of Georgia too; hope it takes down the whole Communist Plantation and Jimmy.

RiNS
April 2, 2018 6:40 am

With work I am the IT department. Not a big operation. Only 10 employees and 7 computers on network. I have limited knowledge of computers but even I know that it pays to back up to external HD. I make two. One is everyday. And another is done once a month. It seems like overkill but ya just never know. If worst comes to worst, I’d only be 4 weeks behind and everything could be back up and running after a day or two.

This ransomware stuff is pretty scary. Still I cannot understand how a city gets themselves into a situation like this. I mean they likely have in Atlanta a whole department of trained professionals. Some of whom studied this at University

Crazy

flash
April 2, 2018 7:01 am

FORWARD!

Joseph Tainter: The Collapse Of Complex Societies
Sustainability requires that people have the ability and the inclination to think broadly in terms of time and space.
https://www.zerohedge.com/news/2017-06-30/joseph-tainter-collapse-complex-societies


C1ue
April 2, 2018 9:33 am

Ransomware is evolving like every other cyber crime. The attackers who do network intrusions as clearly happened with Atlanta (and Leeds earlier this year, and SF 18 months ago) increasingly go after the backups first. I’ve seen cloud backups, on site hardware, Windows shadow copies, all get contaminated first.
Even alternating systems – I had a customer last year who used 2 day switch on/off systems. The attacker hit the 1st system as it was about to rotate offline, then hit the 2nd.
Doing manual backups every week can help, but that’s idiotic when you are faced with the hundreds, thousands and tens of thousands of systems in a large organization.
And even then, if you have data and software of any serious level, it can take a week or more to restore.

RiNS (in reply to C1ue)
April 2, 2018 10:28 am

C1ue

I realize first hand that any security is only as good as the employees. Last year two folks in office got caught in phishing scam and somehow gave up their password to their email. I was able to shut it down before the hackers changed the password. Still just barely but only because gmail noticed something weird going on. Unbelievable. So I went into my boss’s office and here he is overriding the warning. Repeatedly!

I told him, “Do you realize what is going on right now?”

So seeing as you know more than I about this. What is best solution. I do manual backups and disconnect one at all times from network.
Is it true that MS10 makes this harder to do?
Are the manual backups enough for a small outfit like us?

c1ue (in reply to RiNS)
April 6, 2018 1:45 pm

The best approach is to do tiered backups or to test the backups.

Technologically, there are ways to tell when a backup is being tampered with. The 2 best ones are:
1) % change. For the vast majority of people, more than a 5% change of all files is a guaranteed sign of ransomware. However, implementation of this *will* create a lot of false warnings since the type of change – particularly timestamp changes – from the backup process itself will be more than 5%.
2) entropy change. This is a mathematical transform of the data set; ransomware because of its encryption process will cause the entropy profile of a backup data set to change.

Non-technologically – create some tests for backups before they over-write the previous version. I’d recommend validating that the core business continuity data+software be tested: patient scheduling, billing, inventory+shipping, that kind of thing. These types of tests aren’t that easily automated but are the most effective at ensuring backups aren’t poisoned.

Having a tiered set of backups is also a non-technological way to protect yourself. Have a say, 2 week or 1 month (or more) interval where you write out the backup to tape and just file it in a cabinet. This way you’ll have a series of snapshots that are impossible to tamper with. Then for whatever you’re using now that is online/live, keep different versions for the short term. If your goal is 1 day, keep 3 or 4 days of versions going.

I’d also test to see just how much business continuity interruption you would experience if you had to do a full wipe and restore for 1 user’s machine or for a key server. I would actually recommend a digital twin if this interruption is significant (i.e. 1 day or more) as I’ve seen law firms get taken down for a full week even without a successful attack (i.e. had to restore due to a failure).

Keep in mind that the SMB attackers these days are more often coming in via a network intrusion than via an employee or exec clicking on the wrong email. The largest ransom known to have been paid is $1.5M, but the damage done by the attackers is generally at least 10x what they charge for ransom.
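
The two backup tamper signals described in the comment above (the 5% change rule and the entropy change), together with the renamed-file pattern the article reports (“weapologize” and “imsorry” added to file names), as an added Python example that is not part of the original thread or of any product mentioned in it. The thresholds, the file names and the sample contents are assumptions constructed for the demonstration; the check compares a new backup snapshot against the previous one and refuses a verdict of “clean” when the snapshot looks encrypted rather than edited.

```python
"""Detect a ransomware-poisoned backup snapshot by comparing it with the
previous one: change ratio, per-file Shannon entropy, and known bad names."""
import hashlib
import math
from collections import Counter
from typing import Optional

# Thresholds are assumptions for this example; tune them per environment.
CHANGE_RATIO_LIMIT = 0.05     # the "more than 5% of files changed" rule from the thread
ENTROPY_LIMIT = 7.5           # bits/byte; encrypted or compressed data sits near 8.0
ENTROPY_JUMP_LIMIT = 2.0      # bits/byte rise for the same file between snapshots
SUSPECT_NAME_MARKERS = ("weapologize", "imsorry")   # strings seen in the Atlanta file names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_flags(name: str, data: bytes, prev_data: Optional[bytes]) -> list:
    """Reasons one changed file looks encrypted rather than edited."""
    flags = []
    ent = shannon_entropy(data)
    if ent >= ENTROPY_LIMIT:
        flags.append("high-entropy")
    if prev_data is not None and ent - shannon_entropy(prev_data) >= ENTROPY_JUMP_LIMIT:
        flags.append("entropy-jump")
    if any(m in name.lower() for m in SUSPECT_NAME_MARKERS):
        flags.append("suspect-name")
    return flags


def compare_snapshots(prev: dict, curr: dict) -> dict:
    """prev and curr map file name -> content. Files are compared by content,
    not by timestamp, so a backup job that merely touches mtimes does not trip
    the 5% rule (the false-positive source noted in the thread)."""
    names = set(prev) | set(curr)
    touched = {n for n in names if prev.get(n) != curr.get(n)}  # new, deleted or rewritten
    change_ratio = len(touched) / len(names) if names else 0.0

    flagged = {}
    for n in sorted(touched & set(curr)):
        # A renamed-and-encrypted file has no previous version to compare with,
        # so the absolute entropy and name checks must carry that case.
        flags = file_flags(n, curr[n], prev.get(n))
        if flags:
            flagged[n] = flags

    rewritten = len(touched & set(curr))
    if change_ratio > CHANGE_RATIO_LIMIT and rewritten and len(flagged) / rewritten >= 0.5:
        verdict = "tampered"     # do not let this snapshot overwrite the retained copy
    elif change_ratio > CHANGE_RATIO_LIMIT or flagged:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "change_ratio": change_ratio, "flagged": flagged}


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for ransomware output."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


def build_sample_snapshots() -> tuple:
    """Constructed sample data, not real city files: 25 plaintext working papers,
    then the same set after a simulated encrypt-and-rename pass that skipped two."""
    prev = {}
    for i in range(25):
        line = (f"Audit working paper {i}: water department invoices reviewed, "
                f"variances noted, follow-up scheduled for next quarter.\n")
        prev[f"report_{i:02d}.txt"] = (line * 40).encode()
    curr = {}
    for i, (name, body) in enumerate(prev.items()):
        if i < 2:
            curr[name] = body
        else:
            curr[name + ".weapologize"] = pseudo_ciphertext(name.encode(), 4096)
    return prev, curr


if __name__ == "__main__":
    before, after = build_sample_snapshots()
    result = compare_snapshots(before, after)
    print(result["verdict"], f"change_ratio={result['change_ratio']:.2f}",
          f"flagged={len(result['flagged'])}")
```

Run as a script it prints `tampered` for the constructed sample, while a routine edit to one file stays `clean`. The verdict is meant to gate the copy step: a snapshot judged tampered must not overwrite the previous one, which is exactly where the offline tiered copies recommended in the comment earn their keep, since an attacker who reaches the live backup target can also reach any online check that runs beside it.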

Gupatii
April 2, 2018 9:33 am

There you have it. Not enough time at work and too much time in the Donut Shop. What do you suppose the average weight is in that group? 250? 275?

Tony (in reply to Gupatii)
April 2, 2018 1:21 pm

The better question should be “What do you suppose the average IQ of that group is”? 75? 80?

overthecliff
April 2, 2018 11:43 am

I have great empathy for the City of Atlanta. 80% of the population doesn’t know it’s happening.

Mr. Bluebird's on my shoulder
April 2, 2018 11:54 am

Having been a closet Luddite for a while, it’s always funny to realize that even if the entire political/government system went down, business between people of good will and trust would still keep rollin’ along. Low tech beats high tech every time. It’s hard to hack a file cabinet and carbon paper, but it does create local employment.

Oilman2
April 2, 2018 9:55 pm

My company does engineering. We have a wired LAN for the actual engineering that is not linked to the internet. Anything coming from the internet is run through a separate PC with every known malware and AV we can get, and then still kept separate until deemed clear by our engineering IT guys. This entails every engineer having a PC for real engineering work and one for admin stuff and internet access – but with PCs cheaper than typewriters used to be, the expense is nothing.

So far, so good. And we did migrate away from MS – because their software is actually ransomware anyway.