Saturday, March 24, 2018

Disrupted Services, Platitudes and Gibberish, Commercial and Federal Fustercluckery...


11Alive |  "We don't know the extent of the attack," said Atlanta Mayor Keisha Lance Bottoms in a Thursday afternoon press conference.

New Atlanta COO Richard Cox said public safety, water and airport operations departments have not been affected.

Officials also said Thursday afternoon they are working with the FBI, U.S. Department of Homeland Security, Cisco cybersecurity officials and Microsoft to determine what information has been accessed and how to resolve the situation.

Bottoms said everyone who has done business with the city is potentially at risk, and advised businesses and consumers to check their bank accounts.

"City payroll has not been affected," Cox said, "and we have not determined that City Hall will need to be closed on Friday."

Multiple sources confirmed to 11Alive earlier on Thursday that various city systems have been impacted by the ransomware attack.

According to a statement from the city, its computers are "currently experiencing outages on various internal and customer facing applications, including some applications that customers use to pay bills or access court-related information.

"At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue. We are confident that our team of technology professionals will be able to restore applications soon. Our city website, Atlantaga.gov, remains accessible and we will provide updates as we receive them."

Emails have been sent to city employees in multiple departments telling them to unplug their computers if they notice suspicious activity. Professor Green said that directive and the note itself are indicative of a serious ransomware attack.

One expert said that, based on the language used in the message, the attack resembles the "MSIL" or "Samas" (SAMSAM) ransomware strain that has been around since at least 2016.

According to the U.S. Department of Justice, the SAMSAM strain was used to compromise the networks of multiple U.S. victims, including 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application.