Updated IT systems used by the City of Atlanta, in the US state of Georgia, have succumbed to a ransomware attack, cutting off some online city services and potentially putting the personal information of employees and citizens at risk.
At a press conference held on Thursday afternoon, Atlanta Mayor Keisha Lance Bottoms said the extent of the attack remains unknown and is under active investigation. "This is a very serious situation," she said.
She advised anyone who has given personal information to the City of Atlanta online that would have been stored in its servers to be vigilant about the potential misuse of that data and to check their online accounts for suspicious activity.
Richard Cox, Atlanta's new COO, said Atlanta officials were made aware of the outage at 0540 on Thursday and that the incident has affected both public and internal applications used by the city.
"The City of Atlanta has experienced a ransomware cyber attack," he said. "This attack has encrypted some of the city data. However we are still validating the extent of the compromise."
Applications for paying city bills and accessing court information online have had outages, Cox said, while the departments responsible for public safety, water services operation and the airport are operating without incident.
Payroll systems for city employees is not affected, he said.
Cox said that the Atlanta officials are working with the FBI and the Department of Homeland Security, along with teams from Microsoft and Cisco, to investigate the attack.
Asked whether the city intends to pay the ransom, Mayor Bottoms said that hasn't been determined. ®
Updated to add
Atlanta NBC affiliate WXIA reports that a screenshot provided by a city employee reveals the attackers want $51,000 to unlock the data. The news station says the malware involved resembles the “MSIL” or “Samas” (SAMSAM) ransomware strain that has been circulating since at least 2016.