This article is an excerpt from GovLoop’s recent guide, “Understanding the Dangers to Your Cybersecurity.”
Ransomware is a troubling tactic increasingly used against agencies. It’s malicious software that freezes computers and computer-controlled equipment until the victim pays a ransom to the attacker.
All agencies are vulnerable to ransomware. At best, it disrupts public services until the agency can resolve the attack. At worst, it interrupts government functions while forcing agencies to pay their attackers.
Cybercriminals use ransomware to turn a profit, but it’s also quickly becoming a weapon that foreign governments, cyberterrorists and other antagonists use. That’s particularly dangerous because it may affect national security or public safety.
Regardless of the attacker, ransomware is a growing menace to agencies that the public is just starting to understand.
Atlanta is an example of the chilling effect that ransomware can have on governments anywhere, regardless of their size.
According to DOJ, two Iranian nationals executed a ransomware attack against Atlanta’s city government on or about March 10, 2018, that lasted about 12 days. The attack impaired major government services and caused millions of dollars in losses.
The ransomware used in the attack, known as “SamSam,” infected roughly 3,789 computers, including servers and workstations, belonging to Atlanta’s city government, DOJ said.
Once deployed, the ransomware encrypted the files associated with each infected computer before displaying a ransom note. Information on the infected machines was effectively locked until the ransom was paid and users received a decryption key.
In December 2018, a federal grand jury indicted Faramarz Shahi Savandi and Mohammed Mehdi Shah Mansouri for the incident, DOJ said that month.
The indictment – filed in the U.S. District Court for the Northern District of Georgia – charged both men with intentional damage to protected computers located in Atlanta that caused losses exceeding $5,000.
The charges also allege that the pair affected more than 10 protected computers and threatened public health and safety.
Kimberly A. Cheatle, Special Agent in Charge of the Secret Service’s Atlanta Field Office, said that the incident is a teachable moment for agencies nationwide.
“This case serves as a reminder, particularly during the holiday season, to ensure protocols related to cyber hygiene are observed,” she said in December 2018. “The Secret Service appreciates the level of cooperation and information sharing throughout this investigation by all law enforcement partners which led to this indictment.”
The latest Census Bureau (USCB) data available at the time of the attack shows the impact that such incidents can have on citizens. Atlanta had an estimated population of about 486,000 people before the incident, meaning all those people may have lost, during the ransomware holdup, the public services their tax dollars pay for.