The ransomware attack against the city of Atlanta which took place in late March seems to be much worse than originally thought, Reuters is reporting this Thursday. As a matter of fact, it could very well be the worst cyber assault on any U.S. city.
Here's the breakdown: more than a third of 424 software used by the city have either gone offline, or have been partially disabled. Almost 30 per cent of the affected applications are considered mission critical, affecting the police and courts, to name a few.
“It’s a lot more... it seems to be growing every day,” Atlanta Information Management head Daphne Rackley told the Atlanta City Council. An additional $9.5 million had been proposed, to cover for the costs of the incident.
The full extent of the incident is still being uncovered. Hackers have demanded $51,000 worth of bitcoin for the release of all encrypted data. The city said it had not paid the ransom.
Ransomware is a type of malware which is usually spread through phishing. Once a hacker establishes a relationship with a victim (often a company employee, but sometimes an executive, as well), he/she'd proceed to send an attachment with a malicious payload.
That attachment would, once ran, spread through the network, mapping it and spreading. Once it spreads across the entire network (cloud services included) it would then encrypt all the data, and demand ransom in cryptocurrency to unlock the data.
This type of malware is hard to prevent because encryption isn't a malicious activity in itself.
Individuals are sometimes targets, even though hackers target mostly companies. Paying ransom does not guarantee they'll get their data back.
Image source: Shutterstock/Carlos Amarillo