Effects of Cyber-Attack Still Unfold for Atlanta

Even though it's been more than two months and $2.7 million since a major ransomware attack nearly crippled the city of Atlanta, the aftershock continues to impact municipal employees across several departments.

At a 6 June Department of Atlanta Information Management (AIM) meeting, a city official requested an additional $9.5 million to try and correct the affected systems. Infosecurity Magazine attempted to contact AIM but has not received a response.

The city continues to work with private and government partners to understand the full scope of the attack's impact, but Atlanta's interim chief information office, Daphne Rackey, reportedly said that the number of impacted applications is more than 30% of the 424 mission critical programs. That number "seems to grow every day," Rackey reportedly told the Atlanta city council.

The attack, which came with the demand for $51,000 worth of Bitcoin that the city said it did not pay, encrypted city files, leaving customers unable to access city applications. Information on current city operations is available to residents, but whether any lost data has been restored is unclear because the city's website has not updated information on the attack since 30 March.

Several different agencies are said to have told the city council on 6 June that their workplace has yet to return to normal. "This has been painful on many fronts," Atlanta police chief Erika Shields told WSB-TV in a live interview on 1 June. Referring to the police dashcam data that was lost in the attack, Shields said, "That is lost and will not be recovered. That could compromise potentially a DUI case."

It's unclear what has been most painful for the department, however, because Shields also said that she is not overly concerned. "It's a tool, a useful tool, but the dashcam doesn't make cases for us."

Perhaps the greatest pains come from trying to investigate existing cases. A police department investigator, Matthew Condland, whose 105,000 files were corrupted, cited the attack as the primary reason he has yet to produce a key piece of evidence. Others expressed dismay over the dissemination of information since the attack, even though Atlanta implemented a new employee notification system, NotifyATL, after the attack.

The website's information for employees section explains that NotifyATL "will be used to inform you of critical work-related information by text, email and phone calls. If you have not yet registered, please do so. NotifyATL will be used for notifications in the future, so all employees will need to register to receive these work-related alerts. Go to the employee alert portal (bit.ly/CoA-Employee-Alerts) and click the sign-up link."

What’s Hot on Infosecurity Magazine?