City of Atlanta [004]

Posted on Sunday, Nov 17, 2024

Show Notes

When the City of Atlanta was hit by the ransomware group SamSam in 2018, it made headlines worldwide. Headlines often cited costs ranging from $2.6 million all the way up to $17 million, often presented as the costs incurred for not paying the $52,000 ransom. Ben and Chet dive into the archives to determine what series of events led to these exceptional expenses.

Coverlink case study on the City of Atlanta
Wired - Atlanta spent $2.6 million to recover from ransomware scare
Archive.org Rendition InfoSec report
Archive.org Emergency procurement spending by the City of Atlanta
Wikipedia - Atlanta government ransomware attack
Reuters - Atlanta Officials Reveal Worsening Effects of Cyber Attack
TechTarget - Atlanta ransomware attack cost city more than $5 million


January 2018: An audit reveals 1,500 to 2,000 vulnerabilities in Atlanta’s IT systems, highlighting complacency regarding cybersecurity.

March 22, 2018: Atlanta’s Department of Information Management detects outages in various internal and customer applications.

March 22, 2018: The City of Atlanta shuts down numerous digital services, including the court system database and airport Wi-Fi, to contain the situation. The attack is publicly acknowledged as a ransomware attack using SamSam ransomware.

March 22-27, 2018: Atlanta collaborates with the FBI, Department of Homeland Security, and Secret Service, while engaging security firms like SecureWorks for investigation. Government computers are advised to remain offline.

May 2018: Atlanta restores its online payment systems.

June 2018: Atlanta Police Department resumes full digital operations. Reports surface estimating that a third of the city’s software programs are still offline or partially disabled. The attack resulted in permanent data loss, including legal documents and police dashcam footage.

November 26, 2018: The US Department of Justice indicts two Iranian hackers, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, for the attack, alleging their involvement in the SamSam group and the creation of the SamSam ransomware.

Post-attack period: Atlanta allocates $2.7 million to contractors for recovery, with later estimations suggesting a total cost of $17 million, including $6 million for initial response and $11 million for system repairs and replacements.

Hosts

Chester Wisniewski (He/Him)

Chester Wisniewski is an old hat to information security, having practiced the art professionally for more than 25 years. Starting out with a 300 baud modem in the 80s, he became obsessed with exploring the world’s phone networks (phreaking?), which inevitably led to bulletin boards and early internet access in the mid-80s. The trust inherent in the system seemed absurd, and this inspired Chester to pursue how we might build systems less prone to abuse. The rest is history.

Ben Verschaeren (He/Him)

Ben has been in Information Technology for two decades, starting at the age of 14. Recently described by a senior executive as an “Adult Dennis the Menace”, Ben’s always up for a bit of cyber mayhem. He has worked across Managed Services Providers, two of Australia’s largest Enterprises, and spent almost a decade at a Security Vendor. Ben’s experience spans Wintel System Administration, Network Administration, Penetration Testing, and Software Development.