In the wake of a March 22 cyber attack that caused chaos on city of Atlanta computer systems, other local cities say they are prepared for similar threats, which occur almost constantly. Dunwoody says it has seen a “marked increase” in one type of suspicious computer activity since the Atlanta incident.
In the Atlanta attack, unknown criminals penetrated city computer systems, encrypted various files, and demanded a ransom in exchange for the key to unlock them, in what is known as “ransomware.” It remains unclear whether the criminals directly hacked into the system or used “phishing” — a deceptive email containing a link that, when clicked, installed the ransomware on the computer.
The ransomware shut down systems for paying water bills and handling city court cases, and rendered useless the computer files of some City Council members, among other impacts. Most of the systems are back in operation, but some files may never be recovered, and water bills still can’t be paid online. The city has declined to say whether it paid the ransom.
Dunwoody previously experienced its own, less damaging hack on Thanksgiving Day in 2016, when hackers believed to be from the county of Turkey altered the city’s website to display a photo of the Turkish president and flag. The website is hosted on a third-party server and was restored after about two days. City spokesperson Bob Mullen said that is one attack of dozens per day that are unsuccessful.
Mullen said the city’s IT team “estimates hacker attempts on the website occur about 10 times per day and hacker attempts on the city’s firewall or systems occur about 40-50 times per day. The majority of these attempts are passive attempts usually from [automated software] ‘bots’ versus individual human hackers attempting to break into the systems.”
“There has been a marked increase in spam received and stopped by the city’s filter safeguards since the Atlanta attack,” Mullen added. In response, the IT team has boosted its digital security, including “added protections for emails and spam, as well as reinforced antivirus and firewall protections.”
The city of Brookhaven said it also sees hacking attempts regularly, but has not noted any increase since the Atlanta attack.
“The cyber attacks and ransomware attempts are fairly commonplace, and the city of Brookhaven sees them regularly, especially the phishing variety such as the email that entices the recipient to click on a link, which releases the virus [or] ransomware, etc.,” said city spokesperson Burke Brennan.
“Because we have multiple preventative measures in place, it is almost impossible to ascertain the exact number of unsuccessful attempts made,” Brennan added. “Anecdotally, it does not appear that there has been any increase or decrease since March on the obvious email attempts.”
As general digital defense, Brennan said, Brookhaven has “enlisted the resources of several IT security and services companies to perform security assessments and/or monitoring, and ensure that we maintain current anti-virus software on all of our desktop, mobile and server computers. These security firms would also assist in the restoration of programs and data, if a breach was successful.”
Sandy Springs has not seen an increase in hacking attempts since the Atlanta attack, said spokesperson Sharon Kraun. Citing security concerns, she declined to describe the defensive measures used by the city. But she said the city is well aware of such threats.
“Maintaining a secure infrastructure is a top priority, and the city uses a variety of security measures, both cloud-based and local, to ensure the safety of our data,” Kraun said. “There is an ongoing threat of being hacked, not only for Sandy Springs, but for any business or municipality which utilizes online services. Knowing this, we mitigate the risks by implementing multiple layers of protection.”
The Atlanta attack had an effect on some Sandy Springs citizens, as the city’s water service is provided by Atlanta.
–Evelyn Andrews contributed