On March 22, city officials across multiple departments in the Atlanta municipality were rendered dead in the water as a ransomware known as SamSam spread through the city’s computer system, encrypting files and locking officials out of their computers. While not all departments or computers were hit, 5 of the city’s 13 departments were impacted, causing pandemonium and essentially shutting down wide swaths of the city’s operations. In the days since, workers and officials have struggled to get back on their feet, cobbling together data from emails accessed on their phones, sharing clunky old computers and reverting to paper reports and handwritten records. The ransomware renamed and encrypted files, and some computers have yet to be turned on, leaving their owners unsure whether they will have any files to access when they finally do. The attackers are demanding a payment of $51,000 in bitcoin, which so far remains unpaid, in accordance with the FBI’s guidelines for responding to ransomware attacks.

What’s most interesting about this attack, aside from its ability to cripple an entire city, is how it was perpetrated, as well as what its success implies for the future of ransomware attacks. To learn more about the Atlanta ransomware attack and why it matters to everyone, we’re digging into the story.

Who does this attack put at risk?

So far, it’s believed that no private data of Atlanta citizens has fallen into the wrong hands, but given the nature of ransomware attacks, it’s impossible to be certain. Among the departments in the city that were shut down by the Atlanta ransomware attack are the water department, courts and some aspects of the police department. This, of course, will likely lead to plenty of issues affecting employees and residents alike. Ransomware attacks can be expensive for victims — take, for example, Erie County Medical Center in New York. It refused to pay the $30,000 ransom issued by attackers last year, and in the end 6,000 computers were wiped and the total cost to recover was around $10 million. As an entire city with multiple departments impacted, Atlanta could face a far costlier cleanup.

How is the Atlanta ransomware attack different?

This might seem like a case of same story, different location to those who can remember other high-profile ransomware attacks in recent years, but this one is a bit different in terms of how the attack originated. Rather than using social engineering techniques like phishing to gain access to the city’s system, the perpetrators exploit vulnerabilities in the system or guess weak passwords in public-facing systems, then use tools like password crackers to gain further access and eventual control. It is believed that either a single group or a network of related attackers deploys SamSam, and so far they have been quite successful, collecting around $1 million in ransoms since Dec. 2017. Furthermore, the group keeps tabs on the public response to the breach. When the payment portal for the ransom was disclosed by local news media, the group took it down, helping to further conceal their identities and prevent law enforcement from catching up to them.

Why it should matter to everyone

Atlanta residents and, especially, city officials are certainly on high alert due to this attack, but most people across the U.S. likely view it as just another news story. However, it’s important to understand that these types of attacks are worth paying attention to whether they directly impact you or not, because ransomware is an ever-growing threat that could hit your city (or school, or hospital, or office or even your home) next. Like hospitals and many of the other popular targets for ransomware attacks, most cities are a blend of old and new, with plenty of vulnerabilities for intrepid hackers to take advantage of. In fact, Atlanta recently failed a compliance audit on its cybersecurity, which warned that it was at high risk for attacks, and it was starting work on making improvements in the months before the attack. Because the group behind SamSam has yet to be identified or caught, it’s more than likely that it will strike again, and potentially pick another high-profile target like Atlanta. The issues plaguing the institutions that have fallen victim to ransomware in recent years are shared by many across the country, and it will require a lot of work (and money) to beef up and upgrade their cybersecurity to protect their systems and the files contained within them.

While you can’t protect yourself from a ransomware attack that targets companies or institutions that have your information, you can protect yourself by practicing smart cybersecurity. If you want to keep on top of your security online, be sure to follow our technology blog.