City of Atlanta's IT gear thoroughly pwned by ransomware nasty

IT systems used by the City of Atlanta, in the US state of Georgia, have succumbed to a ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk. At a press conference held on Thursday afternoon, Atlanta Mayor Keisha Lance Bottoms said the …

  1. Doctor Syntax

    "Payroll systems for city employees is not affected, he said."

    Like I keep saying, the essential requirement for a good sysadmin is a strong sense of paranoia. There's nothing like your payroll system for encouraging that.

    1. Amos1

      If you've ever worked for a government it's usually a matter of cost. They don't want to pay for the controls but will pay for the mess cleanup.

        1. Doctor Syntax

        "They don't want to pay for the controls but will pay for the mess cleanup."

        It's actually a matter of choice. They have a choice about paying for controls, they have no choice about paying to clean up the mess.

        1. From the States

          How come there's never time to do it right the first time but there's always time to fix it?

      2. ma1010

        @Amos1

        It's not just government. Anything controlled by beancounters is vulnerable.

        1. 6th

          Re: @Amos1

          I think working with accountants is great honestly. They make sure the numbers line up and nothing obviously shonky is going on. Number counters aren't the problem, it's the nutters with the account numbers that are. Yes. Management.

      3. AlPar

        They pay for it, but only a small percent of users actually adopt security practices. 33 million a year is not a small budget for the IT department.

        http://citycouncil.atlantaga.gov/standing-committees/2018-proposed-budget

  2. Blofeld's Cat

    Hmm ...

    Previously, in a parallel universe...

    Mayor: "IT say we need to upgrade our security."

    Beancounter: "There's no budget for that."

    Mayor: "Our systems could be compromised."

    Beancounter: "Frankly my dear..."

    1. AlPar

      Re: Hmm ...

      A city of 5 million, an IT budget of 33 million a YEAR!

  3. 101

    Just asking...

    So then, they don't have an offline backup???

    1. rmason

      Re: Just asking...

      @101

      They probably do have a backup.

      Best case scenario is this:

      They have to flatten and re-image every computer affected, you just can't be sure otherwise, then data is restored from backups. That's not an instant process.

      Worst case is no backups.

      What happens more frequently than people admit though is a wonderful middle ground.

      These attacks work because they are quick and they encrypt remote files (files in shares the user has access to) *first* before they do the local stuff. They only pop up with the demand when finished.

      Now what has happened is some low level grunt has been dispatched because 5 or 10 people have said something along the lines of "my shortcuts have stopped working" or "my documents have gone". This means it's done and dusted and they are only noticing because stuff they have saved locally on their desktop stops working, or they have shortcuts to documents that now no longer work.

      Before it is understood what has happened the poor soul is trying to appease someone and "get their documents back, this HAS to be done now". To do this they have just connected the backup drive(s) to a server and logged on. OK, I doubt they are using USB drives to backup here, but you'd be amazed just how many places do.

      Guess what this does?

      That's right. Your most recent backup is now encrypted. It takes seconds, and it's done while your user profile is loading.

      This is the exact moment when someone still fielding calls and checking emails twigs, and is desperately trying to reach techie #1 on their mobile to "just check" they aren't connecting backup drives, because of the fuss finance made an hour ago regarding missing spreadsheets.....

    2. 2Nick3

      Re: Just asking...

      Step 1 is to stop the infection from getting worse. Restoring data into an infected environment just wastes CPU cycles as the restored data is encrypted.

      Only after you get your environment clean can you start doing the recovery activities. If you have one of the Ransomware variants that put your systems into an unbootable condition you will be reimaging systems or performing BMR recoveries, both of which are slower and more labor intensive than restoring data.

      Reimaging Windows machines is particularly painful, as you will likely have to install numerous patches that aren't part of the base image - how many Tuesdays old is it? Then of course you need to make sure your security software is up to date (or pick a new one...).

      What a mess - there are a lot of people who aren't going to have lives outside of the office for a while down in Atlanta. Many of whom had no ability to avoid this situation.
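The middle ground rmason describes above (the share goes first, then the freshly connected backup drive gets encrypted while the profile loads) and 2Nick3's step 1 (do not restore into an environment that is still encrypting) both come down to two checks before anyone plugs a backup in. What follows is an added example, not code from the thread, the article or the City of Atlanta: a small Python restore gate that plants canary files on a share, flags canary changes, ransom-note-looking filenames and high-entropy rewrites, and verifies a backup set against a SHA-256 manifest taken when the backup was made. The canary name, the note-name patterns, the entropy threshold, the file-type allowlist and the toy overwrite routine standing in for real ransomware are all assumptions.

```python
"""Restore gate: refuse to restore while the share shows live encryption or
the backup set no longer matches its manifest.  Added example; every path,
name and threshold here is an assumption, and toy_encrypt is a stand-in."""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

CANARY_NAME = "_canary_do_not_touch.docx"      # assumed honeyfile name
CANARY_BODY = b"canary " * 64                  # known, low-entropy content
RANSOM_NOTE_HINTS = ("readme", "decrypt", "restore")   # assumed note names
ENTROPY_LIMIT = 7.2                            # bits/byte; text is well below
ALREADY_COMPRESSED = {".zip", ".gz", ".docx", ".xlsx", ".jpg", ".png"}  # skip


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext and random data sit near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def plant_canaries(root: Path) -> None:
    """One honeyfile per directory; an underscore name sorts first, so a
    fast encryptor that walks directories in order tends to hit it early."""
    for d in [root, *[p for p in root.rglob("*") if p.is_dir()]]:
        (d / CANARY_NAME).write_bytes(CANARY_BODY)


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256, taken when the backup is written."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root: Path, manifest: dict) -> list:
    """Names of manifest entries that are missing or changed since backup time.
    Files added afterwards (e.g. a dropped ransom note) are not covered here."""
    bad = []
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file() or hashlib.sha256(p.read_bytes()).hexdigest() != digest:
            bad.append(rel)
    return sorted(bad)


def scan_for_encryption(root: Path) -> list:
    """Heuristics for 'this share is being encrypted right now'."""
    findings = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if p.name == CANARY_NAME:
            if p.read_bytes() != CANARY_BODY:
                findings.append(f"canary modified: {p}")
        elif any(h in p.name.lower() for h in RANSOM_NOTE_HINTS):
            findings.append(f"possible ransom note: {p}")
        elif p.suffix.lower() not in ALREADY_COMPRESSED and \
                shannon_entropy(p.read_bytes()) > ENTROPY_LIMIT:
            findings.append(f"high-entropy rewrite: {p}")
    return findings


def safe_to_restore(share: Path, backup: Path, manifest: dict) -> tuple:
    """(ok, reasons): ok only if the share looks clean and the backup is intact."""
    reasons = scan_for_encryption(share)
    reasons += [f"backup mismatch: {b}" for b in verify_backup(backup, manifest)]
    return (not reasons, reasons)


def toy_encrypt(root: Path) -> None:
    """Stand-in for ransomware: overwrite every file with random bytes, drop a note."""
    for p in root.rglob("*"):
        if p.is_file():
            p.write_bytes(os.urandom(len(p.read_bytes()) or 64))
    (root / "README_DECRYPT.txt").write_text("pay up")


def demo() -> dict:
    """Constructed scenario: clean share and backup, then both get hit."""
    base = Path(tempfile.mkdtemp())
    share, backup = base / "share", base / "backup"
    (share / "finance").mkdir(parents=True)
    csv = b"revenue,cost\n100,80\n" * 200          # plaintext, low entropy
    (share / "finance" / "q1.csv").write_bytes(csv)
    plant_canaries(share)
    backup.mkdir()
    (backup / "q1.csv").write_bytes(csv)
    manifest = build_manifest(backup)
    before = safe_to_restore(share, backup, manifest)[0]
    toy_encrypt(share)     # the share goes first
    toy_encrypt(backup)    # then the drive somebody plugged into the server
    after_ok, reasons = safe_to_restore(share, backup, manifest)
    return {"before": before, "after": after_ok, "reasons": reasons}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The entropy test is a heuristic, not proof: Office documents, archives and images are already compressed and score near 8 bits per byte, which is why the allowlist exists; the canary check and the manifest are the reliable parts. The manifest has to live somewhere the infected environment cannot reach (printed, or on a host that never mounts the share), otherwise it is encrypted alongside the backup it is meant to vouch for.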

    3. sanmigueelbeer

      Re: Just asking...

      they don't have an offline backup???

      Surely you jest, right?

  4. Anonymous Coward

    Unfortunate names

    So the mayor is called Lance Bottoms and the COO is Richard "Dick" Cox?

    1. Anonymous Coward

      Re: Unfortunate names

      Atlanta is one of the “smaller” states so they have to compensate

      1. Anonymous Coward

        Re: Unfortunate names

        Er...You must not be Mirkin' because Atlanta is one of the "larger" cities. Oh! You meant Atlantis?

    2. Phil Kingston

      Re: Unfortunate names

      Agreed, something's not right there

  5. MooJohn

    Payroll wasn't affected

    Because it is most likely outsourced! And probably to a company with actual tested ransomware mitigation tactics in place. You would think that a city with a combined population of over 5.5 million people would have a more capable, proactive IT staff.

    1. Anonymous Coward

      Re: Payroll wasn't affected

      You would think that a city with a combined population of over 5.5 million people would have a more capable, proactive IT staff.

      Why?

      Personally, I'd expect an ITIL environment. 5-10 clueless geeks on the minimum wage. 1 embittered ex first line helldesk veteran managing them, half a dozen second line techs being paid about half the market rate for 2nd line techs (and therefore of dubious quality) and one or two third line techs being paid decent amounts who keep the place going. Maybe with a grizzled greyhaired ex tech as manager.

      Plus about a dozen managers for the above, all of whom are political appointees from the employer with no technical knowledge and who are not competent to be making technical decisions, but who have all of the authority for making the decisions.

      1. Anonymous Coward

        Re: Payroll wasn't affected

        I think you're talking about my place of work.

  6. Anonymous Coward

    This is a very serious situation

    She only said that because people were giggling.

  7. Chozo

    I be curious shipmates

    Was Roman Seleznev (one of the hackers that siphoned $9 million from Atlanta-based credit card company Worldpay) due to appear in court this week?

    Normally I would check the online records but the site appears to be down....

  8. Anonymous South African Coward

    This is the nightmare of every IT sysadmin out there...

    1. Anonymous Coward

      I agree wholeheartedly. I'm glad that is not my area of responsibility. The recent ElReg article on the state of IT security in Michigan highlights what a challenge it is.

      1. Doctor Syntax

        "The recent ElReg article on the state of IT security in Michigan highlights what a challenge it is."

        Especially when the overall conclusion of that assessment was on the lines of "could be worse".

  9. Anonymous Coward

    Privileged city leaders with no real education

    Those in charge use fancy lingo picked up at seminars they use to push each individual resume and paint how each is a professional, all while obtaining 200k paychecks at your expense. None have worked for profit, only as moochers with unlimited tax funds. I bet you look at the staffing model, the annual unlimited budget spends, and how each staff member is allowed Apple tablets, expensive cellphones, full blown non controlled laptops, and free mobile wifi. All the while the suggestions from the real IT are unheard, ignored, and avoided because they don't want change. How long has Virtual been out? I am willing to bet they spend more money a year than three similar sized service companies on NEW junk and Old ways. Just to look Good...... Happy job hunting, you idiots

  10. Gordon Pryra

    anyone who has given personal information to the City of Atlanta online

    This is a bit rich, considering that most people are being forced by the various Governments of the world to use their online services or face massive hassle.

    Anyway, I don't understand how this screw up could be putting the personal information of employees and citizens at risk.

    The data has been encrypted, most likely by someone with elevated privileges (because they are important and need it on their single account) hitting every network share with the virus.... not stolen

    The people who have the private key don't have access to the data itself.

  11. Tejekion

    If they REALLY go "Full Sherman", then Augusta and Savannah may be in trouble!

    They will take their march to the sea! In fact, didn't Tecumseh and his men turn north and battle their way back to DC? This is too funny. Sherman's march to the sea has always been one of my favorite subjects, not only in history, but also in school period. And given the shite that I received from the so called Veteran's Services in Atlanta (not the hospital, they treated me great!), I hope they get hacked too!


Biting the hand that feeds IT © 1998–2019