US officials struggle to restore systems after Atlanta cyber attack

ATLANTA • Atlanta's top officials holed up in their offices as they worked to restore critical systems knocked out by a nine-day-old cyber attack that plunged the southeastern US metropolis into technological chaos and forced some city workers to revert to paper.

On the Easter and Passover holiday weekend, city officials laboured in preparation for the work week to come.

Police and other public servants have spent the past week trying to piece together their digital work lives, recreating audit spreadsheets and conducting business on mobile phones in response to one of the most devastating ransomware attacks to hit an American city.

Three city council staff have been sharing a single clunky personal laptop, brought in after cyber extortionists attacked Atlanta's computer network with a virus that scrambled data and still prevents access to critical systems.

"It's extraordinarily frustrating," said councilman Howard Shook, whose office lost 16 years of digital records.

One compromised city computer showed multiple corrupted documents with "weapologize" and "imsorry" added to file names.

Ransomware attacks have surged in recent years as cyber extortionists move from attacking individual computers to large organisations, including businesses, healthcare organisations and government agencies. Previous high-profile attacks have shut down factories, prompted hospitals to turn away patients and forced local emergency dispatch systems to move to manual operations.

Ransomware typically corrupts data and does not steal it. The city of Atlanta has said that it does not believe private residents' information is in the hands of hackers, but they do not know for sure.

City officials have declined to discuss the extent of damage beyond disclosed outages that have shut down some services at municipal offices, including courts and the water department.

Nearly six million people live in the Atlanta metropolitan area. The city of Georgia itself is home to more than 450,000 people, according to the latest data from the United States Census Bureau.

City officials said that police files and financial documents were rendered inaccessible by unknown hackers who demanded US$51,000 (S$67,000) worth of bitcoin in exchange for digital keys to unlock scrambled files.

Mayor Keisha Lance Bottoms, who took office in January, has declined to say if the city paid the ransom ahead of a March 28 deadline mentioned in an extortion note, whose image was released by a local television station.

The Federal Bureau of Investigation, which is helping Atlanta respond, typically discourages ransomware victims from paying up.

Hackers typically walk away when ransoms are not paid, said Mr Mark Weatherford, a former senior cyber official at the Department of Homeland Security.

He added that the situation might have been resolved with little pain if the city had quickly made that payment. "The longer it goes, the worse it gets," he said.


A version of this article appeared in the print edition of The Straits Times on April 02, 2018, with the headline 'US officials struggle to restore systems after Atlanta cyber attack'. Print Edition | Subscribe