The city of Atlanta received multiple warnings about the security of its computer systems before falling victim to a debilitating ransomware infection, leaked emails revealed.
Emails sent among the Department of Atlanta Information Management, city council staff and city clerk’s office suggest officials failed to adequately respond to multiple security warnings in the months before ransomware infected its computers last week and sidelined operations throughout Georgia’s state capital, The Atlanta Journal-Constitution and WSB-TV reported Thursday after reviewing the messages.
The emails show that city employees were warned several times during an eight-month span starting last June about issues involving a video encoder used to broadcast council meetings across the internet, including as recently as weeks before its systems became infected March 22 with ransomware, a type of malware that typically encrypts the contents of vulnerable computers and holds their data hostage until the perpetrator is paid.
“What’s astonishing is the incident that’s manifested in that email communication is related to what we’re seeing today in terms of a ransomware,” said Tony UcedaVelez, an Atlanta-based cybersecurity expert who reviewed the email, WSB-TV reported.
City officials were warned on June 15 that the computer running the video encoder had become infected with “Wcry,” or WannaCry, a ransomware strain responsible for infecting machines in over 150 countries last spring, and that it risked spreading to other systems, AJC reported.
“Please allow AIM (Atlanta Information Management) to come up and run a scan on the PC, or they will have to disable the port so as the viruses will spread to the network,” a city information technology manager responded the next day, the report said.
City officials received a second ransomware warning roughly a month later on July 17, according to the newspaper.
“It appears to have been hacked,” a city employee responded.
“Urgent Cyber Security Incident,” a city employee said in another email two months later to Accela, the Atlanta firm that designed the encoder, AJC reported. “The encoder is creating a security attack on our network,” the employee reportedly wrote.
More recently, an outside security firm warned on Feb. 10 that a computer port running an Accela product posed a “high risk,” AJC reported.
Atlanta ultimately was infected with ransomware barely a month later, forcing several systems offline and causing lingering complications for the state’s largest city. As of Friday, Atlanta Police Department detectives have been unable to access information on homicide cases for a full week as a direct result of the ransomware infection, Atlanta’s Fox 5 reported.
“There’s definitely some negligence,” Mr. UcedaVelez said upon reviewing the emails. “It could be that this [the emails] is an incomplete story. But for the most part, it tells me they didn’t do enough triaging of the security threat that was found a long, long, long time ago.”
A city spokesperson repeated an early statement when approached about the email exchange, the outlets reported.
“Cybersecurity is an issue that affects many governments and leading organizations across the world,” said spokeswoman Anne Torres. “As challenges around cyber security continue to evolve, we must invest in our infrastructure and remain vigilant in ensuring our security measures continue to match the threats facing us.”
Security researchers have identified the strain of ransomware that infected Atlanta as SamSam, the same type responsible for a slew of previous incidents suffered by victims ranging from hospitals to smaller cities.