On Monday, Atlanta Mayor Keisha Lance-Bottoms stressed that personal data has yet to be compromised following the cyber attack on the city.
“There is nothing that we have come across that says personal data has been compromised,” Mayor Bottoms said.
Mayor Bottoms said in a press conference that the city is working with Secure Works, a private company to investigate the hack. The private contractor said the threat has been neutralized and they’re working to get all systems back online.
The investigation is currently in its infancy phase and will soon be moving into recovery mode so the city can move forward.
“This is bigger than a ransomware attack, it’s an attack on government and therefore an attack on all of us,” Mayor Bottoms said.
When it comes to a timeline getting everything secure, Mayor Bottoms said everyone is being cautious.
“We are dealing with a hostage situation, just as we wouldn’t give away too much information if there were a physical hostage, we do have to be careful when we speak about timelines,” Mayor Bottoms said.
Mayor Bottoms said in her press conference that on Day 5 of the cyber attack, they have not decided whether or not to pay the hackers 6 Bitcoin. The Mayor claimed they know who is behind the attack but have yet to release any additional information.
“As a major city, this is new territory for us and we are a resilient city and we will get on the other side of this,” Mayor Bottoms said.
While Mayor Bottoms said the city continues to operate, the attack is still leaving its mark on Atlanta's court systems.
Residents with pending court cases for certain low-level offenses are getting a brief reprieve as a result of the ransomware attack that has crippled some Atlanta city computer systems.
The city court released a statement by Twitter on Monday explaining that the court has no ability to process tickets and failure to appear cases (FTAs) aren't being issued for the time that the computers are down.
"The Municipal Court does not have the ability to process ticket payments (online or in person)," the court system posted on their official Twitter account. "Customers who were set for court will not be penalized during this time. No FTAs for cases that were set during this time will be generated and all cases will be automatically reset."
The statement went on to explain that the court is not able to validate warrants that originated from the court and will not be conducting "walk-in FTA Court" until the systems are restored.
Reset forms and change of address forms can still be completed in person at the courthouse during regular business hours.
The city is working with the FBI, U.S. Department of Homeland Security, Cisco cybersecurity officials and even Microsoft to determine what information had been accessed after a ransomware attack wormed its way through city computers encrypting information and demanding $51,000 in Bitcoin to unlock the data.
The hacks also impacted several systems that allow the municipal offices to interact with the public. Other offices, such as the city's police and fire departments, took extra precautions but were not impacted by the hack according to city officials.
Employees told 11Alive that they were told to shut down their computers and unplug them if they noticed suspicious activity.
According to the U.S. Department of Justice, the SAMSAM strain was used to compromise the networks of multiple U.S. victims, including 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application.
According to HealthcareITNews.com, these SAMSAM cyberattacks have been on the uptick since the first of this year with cities, companies and even hospitals reporting their information being held hostage.
Late in February, the same attack was used against the Colorado Department of Transportation. It also struck two Indiana hospitals, Hancock Health and Adams Memorial Hospital, earlier this year requesting about $50,000.
The city of Farmington, New Mexico was also the victim of this cyber attack and did not pay the ransom.