In March 2018, the city of Atlanta, Georgia, was the target of a massive cyber extortion attack. The city recognized the attack on Thursday, March 22, 2018 and publicly acknowledged it was a ransomware attack targeting the city’s network.
The attackers infected the city’s computer system with the SamSam malware and demanded a ransom of $50,000 worth of bitcoin. After the city refused to pay the ransom, the attackers quickly took the payment portal offline and left the city to fend for itself.
The ransomware knocked out services such as warrant issuances, water requests, inmate processing, court fee payments and online bill-pay programs across multiple city departments.
In addition, Atlanta police officers were forced to handwrite their reports, and it was discovered that years of Atlanta Police footage from officers’ patrol cars was lost and unrecoverable as a result of the incident.
The SamSam ransomware used in the extortion differs from other ransomware in that it doesn’t rely on phishing, but rather uses a brute-force attack to guess weak passwords until a match is found. In other words, it targets weaker IT infrastructures and servers.
The ransomware has prominently been behind attacks on medical and government organizations since its discovery in 2016, with previous attacks on targets ranging from small towns such as Farmington, New Mexico to the Colorado Department of Transportation.
The scary thing is, this hack was the largest successful breach of security for a major American city by ransomware, affecting up to 6 million people.
In the days and months following the attack, the city of Atlanta cooperated with the FBI, Department of Homeland Security and Secret Service and hired security firms to investigate, with most of Atlanta’s city government computers remaining powered off for five days.
In response to this hack, Atlanta initially spent $2.7 million to hire security contractors in order to recover from the attack, but later estimates put the total amount closer to $9.5 million in costs.
On November 26, 2018, the Department of Justice indicted two Iranian hackers for the attack, charging that Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were part of the SamSam group and created the ransomware.
The reality is, digital extortion has evolved into the most successful criminal business model in the current age of computer dependency. Considering this growing threat, here are some tips you can use to help you stay safe and prevent this from happening to you.
Never respond. Digital extortion can come in many forms, from a cyber attack to someone simply e-mailing you saying they’re going to post a compromising picture of you.
The reality is, whether you receive a text, phone call, or e-mail with an extortion demand, you should never respond. Instead, you should immediately contact your local police and seek their advice on contacting the FBI.
In addition to ignoring their contact, never negotiate or pay any ransom. This will only lead to further demands and attempts to get money from you. You have to resist the urge to communicate with the attackers.
Don’t share compromising pictures/e-mails/texts. This one is common sense, but most people don’t have it. Just think of the number of celebrities that have had naked pictures exposed to the world.
If you are going to text or email something inappropriate to another person, you’ve got to be prepared for the whole world to see it. Frankly, all it takes is one picture or one message falling into the wrong hands and you could become a major target for extortion.
Consider insurance. If you’re a business owner or are the face of your company such as a doctor or lawyer, you might want to check out extortion insurance.
Many insurance companies offer different options that will cover extortion, cyber attacks, and ransom demands. One of the better-known companies that offer this coverage is AIG, and the costs will depend on the type of coverage you want.
As I mentioned, these days you need to act like every text, e-mail, or piece of data stored electronically could potentially be exposed for the entire world to see.