Atlanta City hit by SamSam ransomware which demands a ransom of $51k

Personal and financial information on city computers is encrypted by a ransomware

The city of Atlanta has recently experienced a cyber attack by SamSam ransomware^[1]. City officials report that the malware started encoding data in the early Thursday morning at around 5 a.m^[2]. Now experts together with federal partners are trying their best to recover the damage made by the ransomware:

As @Cityofatlanta officials & federal partners continue working around the clock to resolve issues related to the ransomware cyber attack launched against the City, solid waste & other DPW operations are not impacted.

U.S Department of Homeland Security, Microsoft, FBI and Cisco cybersecurity experts were figuring out what information the attackers have accessed. Although, the mayor Keisha Lance Bottoms assures that none of the personal data was compromised^[3]:

At this time, there is no evidence to show that customer or employee data has been compromised. However, customers and employees are encouraged to take precautionary measures to monitor and protect their personal information.

Cybercriminals demand to pay $51 000 to unlock city computers

After SamSam ransomware finished data encryption, the criminals have left specific instructions on how to regain access to the locked computers. The ransom note contained a three-step guide explaining the decryption routine. Hackers allowed Atlanta officials to choose whether they want to unlock individual computers or the whole network.

The ransom note states the following^[4]:

• 0.8 Bitcoin is required to unlock an individual computer or 6 Bitcoins for the entire system;
• Once the payment is made, submit the comment on the website including the given host name;
• You will receive a reply with the decryption key which will unlock the computer and recover all compromised files.

City officials do not reveal whether they have agreed to pay the ransom or not. Additionally, the experts are still working on the investigation of the breach. Currently, it is unknown how the system was hacked and infected with SamSam ransomware.

Experts advise how to protect computer systems from ransomware attacks

The main reason why ransomware-type infections are still lurking in the cyberspace is that people continue to finance the attackers by paying the ransom. It is vital to educate businesses and individuals about cybersecurity and ways how to protect against crypto-malware in the first place.

Chief Information Security officer at Cybereason, Israel Barak has listed multiple precaution measures which are essential when trying to avoid ransomware attack^[5]:

1. Store backup copies of the files on the Cloud or another external file storage system and make sure that they are regularly updated;
2. Avoid downloading paid software on shady websites for free;
3. Get programs only from official and verified pages;
4. Do not install software cracks or key-gen applications;
5. Refrain from opening emails and attachments from unknown senders;
6. Always use a professional antivirus.