Atlanta Ransomware Cyberattack: Will City Pay Hackers to Regain its Files?

The City of Atlanta is probing the extent of a ransomware cyberattack on several customer-facing networks which has encrypted some data and demanded a payment in cryptocurrency for its return, officials confirmed Thursday.

In a series of updates published to Twitter, it emerged that billing systems and court networks had been impacted on March 22. Later, CBS46 published images of the ransom demand on a computer screen, which asked for 0.8 bitcoin ($6,780) for each affected PC or 6 bitcoin ($50,800) to unlock every compromised machine.

A note provided city officials with a step-by-step guide on how to pay, linking to a website hosted on the dark web. But at a press conference led by city mayor Keisha Bottoms, officials confirmed that they are still attempting to understand the extent of the incident, together with experts from Cisco and Microsoft.

"The City of Atlanta has experienced a ransomware cyberattack," confirmed chief operating officer (COO) Richard Cobbs during the briefing. "This attack has encrypted some of the city data, however we are still validating the extent of the compromise." It remains unknown what strain of ransomware was used in the attack.

Police officials confirmed that emergency 911 response was not impacted but said the department had reverted to making pen-and-paper reports out of caution.

An official statement read: "The City of Atlanta is currently experiencing outages on various internal and customer facing applications, including some applications that customers use to pay bills or access court-related information.

"At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," it added. "We are confident that our team of technology professionals will be able to restore applications soon."

Mayor Keisha Bottoms said the FBI and Department of Homeland Security (DHS) had been informed of the cyberattack and urged all Atlanta residents "to be vigilant."

On the option of paying the ransom, Bottoms said: "We can't speak to that right now, we will be looking for guidance specifically from our federal partners on how best to navigate the best course of action. Right now, we are focused on fixing the issue.

"The explanation is simple, we don't know the extent. I would ask that people assume you may be included if personal data has been breached. We don't know if it's information related to just our employees or if it's more extensive than that. Because we don't know, I think it would be appropriate for the public to be vigilant checking their accounts and making sure credit agencies can also be notified."

Security experts and law enforcement officials do not typically recommend paying the ransom demands of digital crooks—but acknowledge it's a complex scenario.

In a major 2016 advisory on the subject, the FBI said: "Paying a ransom does not guarantee the victim will regain access to their data; in fact, some individuals or organizations are never provided with decryption keys after paying a ransom.

"Paying a ransom emboldens the adversary to target other victims for profit and could provide incentive for other criminals to engage in similar illicit activities for financial gain," it continued. "While the FBI does not support paying a ransom, it recognizes executives, when faced with inoperability issues, will evaluate all options to protect their shareholders, employees, and customers."

Luckily, there are some cross-industry initiatives including No More Ransom which can help victims recover from some strains of ransomware attack. In 2016, a U.S. hospital in Los Angeles paid $17,000 for its files to be restored after infection.

Ransomware caused a global alert last year after a variant dubbed WannaCry quickly spread to hundreds of thousands of computers across the world.