Atlanta pays $2.6 million for cybersecurity issues stemming from $51,000 ransomware attack
Following a ransomware attack in March, Atlanta has spent over $2 million to ensure that the city will be well protected against cyberattacks in the future.
On March 22, the SamSam ransomware attack struck Atlanta, causing outages across city servers, American City & County reports. The perpetrators demanded $51,000 in Bitcoin as ransom to stop the attack.
City employees have struggled to recover from the attack in the weeks since. One council member lost 16 years worth of digital data, and some city employees were still using paper forms 10 days after the attack first struck, according to The Hill.
To some officials, the susceptibility may not have come as a surprise. City auditor records show that Atlanta had failed a security compliance assessment in January, Wired reports.
“Dedicating resources to formalize and document information security management processes would prepare the city for certification, and, more importantly, provide assurance that the city is adequately managing and protecting its information assets,” the audit report states, per Wired.
While Atlanta officials never paid the SamSam ransom, the city has hefty bills to pay from the attack’s fallout and recovery from it, according to ZDNet.
Between March 22 and April 2, the city procured eight emergency contracts that valued $2,667,328, Wired reports. The city spent an additional $50,000 on crisis communication services from communications marketing firm Edelman and $600,000 on incident response consulting from professional services firm Ernst & Young.
"What Atlanta paid is maybe not a bargain, but I think they probably did pretty well," Chris Duvall, senior director of The Chertoff Group (which specializes in risk management) told Wired.
Among the $2.6 million include emergency incident response services from local security firm Secureworks, $60,000 to Cisco Security Incident Response Services and $60,000 from surge support staff augmentation from managed security service provider Mosaic451, the Christian Science Monitor reports.
The cost isn’t necessarily abnormal given the circumstances, however.
"Emergency support and overtime costs phenomenally more than just handling the issues," said Jake Williams, founder of cybersecurity firm Rendition Infosec. "In other words, upgrades that might have cost $100,000 in normal budgeting might cost $300,000-plus in emergency spending during an incident."