2018 Atlanta cyberattack

The city of Atlanta, Georgia was the subject of a ransomware attack which began in March 2018. The city recognized the attack on Thursday, March 22, 2018, and publicly acknowledged it was a ransomware attack. Due to Atlanta's national importance as a transportation and economic hub, the attack received wide attention and was notable for both the extent and duration of the service outages caused. Many city services and programs were affected by the attack, including utility, parking, and court services. City officials were forced to complete paper forms by hand. On November 26, a grand jury indicted two Iranian hackers, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, for the attack. The Department of Justice alleged that Savandi and Mansouri are part of the SamSam group; that the SamSam group is based out of Iran; and that the pair created SamSam Ransomware, the malware used in the attack. There are no affiliations with the government of Iran.


Approach and attack

Leading up to the attack, the Atlanta government was criticized for a lack of spending on upgrading its IT infrastructure, leaving multiple vulnerabilities open to attack. In fact, a January 2018 audit found 1,500 to 2,000 vulnerabilities in the city's systems, and suggested that the number of vulnerabilities had grown so large that workers grew complacent. The malware used to attack the city was the SamSam Ransomware, which differs from other ransomware in that it does not rely on phishing, but rather uses a brute-force attack to guess weak passwords until a match is found. It is known to target weaker IT infrastructures and servers. The ransomware has prominently been behind attacks on medical and government organizations since its discovery in 2016, with previous attacks on targets ranging from small towns such as Farmington, New Mexico to the Colorado Department of Transportation and the Erie County Medical Center. It can also bypass antivirus software. Despite no suspects being identified or indicted until November 2018, the SamSam hackers were described as "opportunistic". On March 22, at 5:40 AM, the Department of Atlanta Information Management first learned of outages on various internal and customer applications "including some applications customers use to pay bills or access court related information," according to Richard Cox, the city's interim Chief of Operations. Soon afterward, the city shut down many of its digital services in an attempt to control the situation, including its court system database and the wi-fi at Hartsfield–Jackson Atlanta International Airport. The city eventually identified it as a ransomware attack.
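The password-guessing behaviour described above leaves a recognisable trace in authentication logs: many failed logins from one source in a short time, often across several usernames, and in the worst case a success right after the burst. The following is an added example, not code from the original article or from any investigation of the Atlanta incident; the log format, sample lines, source addresses, window and threshold are all constructed assumptions chosen to illustrate the detection logic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real incident data) in a generic
# "timestamp STATUS user=<name> src=<ip>" form that a login service might emit.
SAMPLE_LOG = """\
2018-03-22T05:10:01 FAIL user=admin src=203.0.113.7
2018-03-22T05:10:02 FAIL user=admin src=203.0.113.7
2018-03-22T05:10:02 FAIL user=administrator src=203.0.113.7
2018-03-22T05:10:03 FAIL user=backup src=203.0.113.7
2018-03-22T05:10:04 FAIL user=svc_sql src=203.0.113.7
2018-03-22T05:10:05 OK   user=svc_sql src=203.0.113.7
2018-03-22T05:11:00 FAIL user=jsmith src=198.51.100.4
2018-03-22T05:20:00 FAIL user=jsmith src=198.51.100.4
"""

LINE_RE = re.compile(r"^(\S+)\s+(FAIL|OK)\s+user=(\S+)\s+src=(\S+)$")
WINDOW = timedelta(seconds=60)
THRESHOLD = 4  # more than this many failures inside WINDOW from one source is a burst

def parse(log_text):
    """Yield (timestamp, status, user, src), skipping lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, status, user, src = m.groups()
            yield datetime.fromisoformat(ts), status, user, src

def find_guessing_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {src: (burst_start, sorted usernames tried, success_after_burst)}."""
    recent = defaultdict(deque)   # src -> failure timestamps inside the window
    users = defaultdict(set)      # src -> distinct usernames tried
    alerts = {}
    for ts, status, user, src in parse(log_text):
        if status == "OK":
            # A success from an already-flagged source means a guess landed.
            if src in alerts:
                start, names, _ = alerts[src]
                alerts[src] = (start, names, True)
            continue
        q = recent[src]
        q.append(ts)
        users[src].add(user)
        while q and ts - q[0] > window:   # discard failures older than the window
            q.popleft()
        if len(q) > threshold and src not in alerts:
            alerts[src] = (q[0], sorted(users[src]), False)
    return alerts
```

Calling `find_guessing_bursts(SAMPLE_LOG)` flags only 203.0.113.7, whose five failures in four seconds are followed by a successful login; the two failures from 198.51.100.4 nine minutes apart never fill the window.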


Aftermath and recovery efforts

The attack was notable as the largest successful ransomware breach of a major American city, potentially affecting up to 6 million people. Following the attack, the city of Atlanta cooperated with the FBI, the Department of Homeland Security, and the Secret Service, and hired security firms such as SecureWorks to investigate; city staff were advised to keep many government computers powered off until five days later. Though the city declared that there was little to no evidence that personal data had been compromised, later assessments showed that the breach was worse than originally estimated. In June 2018, it was estimated that a third of the software programs used by the city remained offline or partially disabled. In addition, many legal documents and police dashcam video files were permanently deleted, though the police department was able to restore access to all its investigation files. For a while, residents were forced to pay their bills and submit forms on paper. In response to the attack, Atlanta devoted $2.7 million to contractors in order to recover, but later estimated it would need $9.5 million. On November 26, 2018, the Department of Justice indicted two Iranian hackers for the attack, charging that Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were part of the SamSam group and created SamSam Ransomware.

