Atlanta spent more than $2.6 million on recovery efforts to recover from a ransomware attack, which crippled a sizable part of the city’s online services. The ransom was set at around $55,000 but according to the newly published emergency procurement figures, Atlanta spent around fifty-times that amount in incident response, recovery and crisis management. The cost goes beyond the ransom – the real cost is that you have to solve the attack before you can work again.
If a ransomware could lock out city officials, employees and constituents from many city services in Atlanta, what can a small business do to save important files and secrets?
SkyFlok backs up all your valuable files and uploads them from your computer or phone directly to Cloud locations and providers of your choice. By storing all your file versions, SkyFlok allows you to go back to any previous version of the file and bypass encrypted versions from a ransomware attack.
The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildy fluctated in price.
But it’s understood that the ransom was never paid — because the portal used to pay the ransom (even if the city wanted to) was pulled offline by the ransomware attacker.
According to newly published emergency procurement figures, the city spent around fifty-times that amount in response to the cyberattack.
Between March 22 and April 2, the city spent $2,667,328 in incident response, recovery, and crisis management. (Hat tip to Ryan Naraine for tweeting out the link.)
Among the costs, Atlanta spent $650,000 on hiring local security firm Secureworks for emergency incident response services, and an additional $600,000 on advisory services from Ernst & Young for cyber incident response.
The city also spent $50,000 to hire Edelman, a public relations firm specializing in crisis response management — in other words, trying to make things look less bad than they actually are.
It’s not known if additional, unreported costs were involved in the ransomware clean-up.
When reached, a spokesperson for the city did not immediately respond to several questions we had. If that changes, we’ll update.
Last month we reported that Atlanta narrowly missed out falling victim to another cyberattack in 2016, when the now-infamous WannaCry ransomware attack spread across the globe.
Speaking to ZDNet at the time, Jake Williams, founder of cybersecurity firm Rendition Infosec, said that the city’s networks were left unpatched for weeks — making them vulnerable to ransomware attacks.
He found that at least five internet-facing city servers were infected with the NSA-developed DoublePulsar backdoor in late April to early May 2017. That was more than a month after Microsoft released critical patches for the exploits and urged users to install.
Based on his data, he said that the city “had a substandard security posture” at the time.