Atlanta ransomware attackAtlanta, car-clogged highways aside, is the elegant, magnolia-draped metropolis of the South: cosmopolitan, visionary, and Olympic caliber. But, for a few days in March 2018, the daily rhythms of governmental life came to a screeching halt. Water bill payments couldn’t be processed online, the 2,000-member Atlanta Police Department was reduced to filing paper reports, and the court system might as well have been using quill and ink to issue decrees.

What happened? SamSam.

SamSam is a common ransomware that’s currently circulating, most often targeting cities and large institutions. The hackers held Atlanta’s systems hostage for more than a week, demanding six bit coins (valued at around $51,000) to release their hold on the city. Atlanta recovered from the ransomware attack (they never said whether the ransom was paid), but the cost of the lost time and services soared into the millions.

Could it happen in your city? Depends on where you live. Bigger doesn’t always mean better.

Helping cities of all sizes

Georgetown, Kentucky  is dwarfed by Atlanta. But in some ways this robust city of 34,000 is better prepared to weather the type of attack that crippled the much larger metropolis. Georgetown is located 16 miles north of Lexington, the state capital. It is home to the sprawling Toyota Manufacturing of Kentucky plant, which employs more than 8,000 people from line workers to cooks. Practically within sight of the futuristic car lines are the pastoral, white-fenced rolling horse farms that have been home to some of the most famous thoroughbreds.

In 2012 and 2013 Georgetown’s city staff was roiled with exits. There was a vacancy in the city manager’s office, and the city’s IT director left. City attorney Andrew Hartley stepped in to fill both voids. He considered himself knowledgeable on IT issues, but not an expert, which is another reason he brought in an MSP, Lexington-based NetGain Technologies, led by Barracuda-certified engineers.

The main advantage of an MSP is the economy of scale. Having a managed service provider allows me to leverage many professionals to solve problems and build and maintain a secure infrastructure,” Hartley, the Chief of Staff and attorney for the city of Georgetown told Smarter MSP. Hartley says that Georgetown has 200 city employees and nine separate networked facilities spread across the city.

Once he had his MSP team in place, Hartley set about working with them to basically rebuild the city’s cybersecurity defenses from scratch. One of the primary focuses was on disaster recovery, whether that disaster was a tornado or a manmade one like the SamSam attack on Atlanta.

“One of the things our MSP has helped me understand is the concept of disaster recovery. As we all know, it’s not if but when disaster will strike, particularly in the IT world. No one is immune,” Hartley says.

Costs beyond disaster recovery

Hartley says that NetGain Technologies holds quarterly business reviews where they discuss best practices, gauge disaster readiness, and identify potential security risks. One of the issues that a municipality has to sort through is not just the cost of disaster recovery but also recovery time, because, especially in governmental work, time is currency in itself.

“Cities need to think not just about whether their data is safe from hackers, natural disaster, and inevitable hardware failures, but also how long they can stand to be without access to their data,” Hartley says, adding that the best solutions involve segregated redundant servers in separate locations.

“If a primary server goes down — say one that runs a city’s finance and accounting software — the MSP can make a few changes, flip a few switches, and the city is back up and operating in a few hours with minimal loss of data,” Hartley says.

These solutions can be expensive, Hartley says, but there are lots of variables that can be adjusted to save costs.

“A good MSP will understand their client’s budget and help craft the solution that works for them,” Hartley says.

 An area of emerging technology that looks promising , Hartley says, is offline backup.

“Additional storage is cheap, relatively speaking. Keeping the data out of the hands of hackers is much more expensive,” Hartley says, adding that offline back up is much less prone to intrusion.

MSP knowledge sharing

Alan Crowetz is the CEO and President of Infostream, an MSP in West Palm Beach, Florida. Infostream handles municipal services and conducts IT audits for small cities and towns throughout the Treasure Coast region of Florida, making sure their cyberdefenses are working.

In addition to advantages outlined by Hartley, Crowetz told Smarter MSP that MSPs also offer cities  a more holistic view of the IT landscape. Two cities may be dealing with the same problem but they wouldn’t know it. If an MSP is involved that knowledge can be more easily shared and relayed. It’s not uncommon, Crowetz says, for cities to be experiencing the same problems at the same time.

“Yet unlike many other IT experts, city IT supervisors don’t seem to really talk to each other. City A may have solved and dealt with an issue that Cities B, C, D, E, and F are struggling with, but no one thinks to call City A and ask them how they solved it. The beauty of working with an MSP is that they see it all,” Crowetz says.

This panoramic vision can play a vital role in warding off the type of attack that crippled Atlanta.

The odd thing with MSPs is that we all tend to aggressively share information and help one another even though we are direct competitors in many cases. It’s weird! But at the same time, it allows us to research, master, and catch things we would otherwise miss as we are all working as a team. While munis tend to not talk to one another at all,” Crowetz says.

Increased scrutiny

So, how is a city’s system being compromised different than, say, an insurance company or bank? The difference Crowetz says is often just in the heat of the media headlines.

“When Bob’s Dry Cleaners gets breached, unlikely anyone will find out, and even then unlikely anyone will even care. When a municipality gets breached, it is highly likely the media will find out. It will hurt the reputation of everyone from the City Council members down to the IT department, and there will be pressure to fire someone or make some dramatic changes,” Crowetz says.

So if your local dry cleaner’s systems have been hacked, you’ll still go in and order extra starch on the collar. Meanwhile, in Atlanta, residents are just left hot under the collar.

Photo: ESB Professional/Shutterstock.com


Kevin Williams

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

Leave a reply

Your email address will not be published. Required fields are marked *