Skip to main content
close search
site logo
Dive Brief

With recovery costs reaching nearly $2.7M, should Atlanta have paid the ransomware demand?

Published April 24, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Wikimedia - By Mike - Flickr: DSC_6831_2_3_tonemapped, CC BY 2.0

First published on

CIO Dive

Dive Brief:

  • Following Atlanta's ransomware attack last month, the city disclosed it has paid just under $2.7 million recovery costs from March 22 to April 2, according to Atlanta's Department of Procurement. The unpaid ransom demanded $51,000 to unlock Atlanta's technical infrastructure, making its recovery costs more than 50 times the demand.

  • To recover services, the majority of funds were dispersed to two city departments. For example, $650,000 was paid to SecureWorks for its emergency incident response services on March 26 for Atlanta's Information Management agency. And Atlanta's Municipal Courts paid Fyrsoft $730,000 on March 29 for Microsoft cloud, client stack design and build, pro services for Azure Active Directory and Windows 10 services.

  • The portal to communicate with the hacker group behind the attack, SamSam, was shut down, hindering the ability to pay the ransom, reports CSO. But the SamSam group has a "seven-day policy" for when a ransom should be paid. It is unknown if the city considered paying the ransom, which was left unpaid, before the portal closed.

Dive Insight:

In the end, Atlanta paid far more than the cost of the $51,000 ransom. But even it had paid — which is seldom recommended — there is no guarantee there would not have been residual costs or damages. 

Since the ransomware attack, city officials started working with the FBI, Department of Homeland Security and companies in the private sector, including Microsoft and Cisco.

Often opportunistic with minimal risk for the hacker, ransomware attacks are becoming more prevalent. But of all malware attacks, 56% are ransomware attacks, according to Verizon's 2018 Data Breach Investigations Report.

The SamSam group effectively turned Atlanta's technical infrastructure on its head, leaving city council employees to share "a single clunky personal laptop" while they worked to recreate audit spreadsheets.

SamSam is known for targeting entities that "cannot afford the down time" and Atlanta is no exception. The group is also known for proposing affordable ransoms compared to the overall value and assets of its targets.

However, because ransomware attacks are growing in frequency, it is not uncommon for large organizations to have a reserve fund to pay a ransom when they can't afford to be locked out of their systems for a substantial amount of time.

Recommended Reading

Filed Under: Climate & Resilience

Editors' picks

Company Announcements

View all | Post a press release

Want to share a company announcement with your peers?

Share your announcement

Editors' picks
Latest in Climate & Resilience
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell