Reuters reported last week that the ransomware attack suffered by the city of Atlanta in March was proving costlier than initially thought. City officials told the news agency that the strike continued to disrupt Atlanta’s “mission critical” applications even after its discovery, as the pestilence had not been fully contained.
As evidenced by the WannaCry and Petya incidents in 2017, ransomware has become one of the biggest threats to enterprises and governmental infrastructures alike. Once bad actors gain a foothold in the targeted infrastructure, whether through a known bug or social engineering, ransomware can wreak havoc – especially when equipped with a wormable component that lets it spread laterally.
The Atlanta incident
In March, Atlanta’s administrators couldn’t tell the press what type of ransomware was involved in the strike, confirming only that they’d refused to pay the attackers the demanded ransom, the equivalent of $51,000 in Bitcoin.
However, new details about the incident are surfacing. For instance, Information Management head Daphne Rackley told reporters that around 400 software programs used by the city have been either thrown offline or crippled, and that a third of the impacted applications affect core city services, including police and courts. These applications, per Rackley’s account, are considered “mission critical” for the city.
Speaking to Atlanta’s City Council, which must decide on its fiscal 2019 budget by the end of the month, Rackley said the city would need an extra $9.5 million in the coming year to recover from the incident, on top of the $35 million Mayor Keisha Lance Bottoms suggested for the technology department in her budget pitch, Reuters reported.
The tally of damage, however, goes beyond the numbers. Interim City Attorney Nina Hickson told reporters she lost a decade of legal documents when the ransomware attack compromised 71 of 77 computers in her office. One can only guess the financial impact of this single rumpus.
The hack also encrypted police dash-cam recordings, rendering them useless, and city administrators said they were still working to determine the total costs of the incident. City Council President Felicia Moore suggested some of the rising costs were due to how little information was made available about the cyber-attack upon initial investigation.
Ransomware as a business
The Atlanta case is just one of many such incidents reported in the last year. Hospitals, the education sector, utility infrastructures, and international shipping services are just some of the industries heavily battered by ransomware. Shipping giant Maersk alone suffered an estimated $300 million in damages after WannaCry infected its systems last year.
In a similar attack, where bad actors randomly selected targets mainly to cause disruption, the Petya ransomware strain (also known as GoldenEye or NotPetya) was used to inflict around $1 billion in damages to its victims. The costs were mainly associated with disruption. Only a fraction of this number represented actual ransom money paid out to the attackers – as is typically the case with global-scale ransomware attacks.
Everyone is a target
Because ransomware is so lucrative – enabling attackers to remain anonymous while demanding large sums of cash to decrypt the data held hostage – bad actors are stepping up their game, seeking to hone their techniques while increasing their demands.
Laws like the European General Data Protection Regulation (GDPR) are only adding to the pressure to protect critical infrastructures, as non-compliance will add hefty fines to the tally.
From a cybersecurity standpoint, ransomware is quickly becoming the #1 threat globally. Never has it been more “mission-critical” to have an incident response plan in place, as well as the necessary threat detection mechanisms to prevent a contagion from spreading. And because of the many attack vectors available to hackers – from phishing schemes to unpatched endpoints – anyone can fall victim to ransomware.