Why Atlanta’s $50k Ransomware Threat Turned into a $2.6 million Cybersecurity Upgrade

Atlanta's night skyline.

March this year saw the US city of Atlanta faced with a ransomware attack. Even though the hackers didn’t get away with their $50k in bitcoins, the city did pay over $2.6 million to ensure that they won’t be vulnerable to a similar threat again.


As we move towards a paperless society, governments rely more and more on online systems to make processes easier for themselves and the rest of the citizens.

Cryptocurrencies are another core part of going digital and while last year saw a decided increase in their popularity, it also saw an increase in scams and ransomware attacks.

Atlanta Systems Under Threat

This concerning trend carried into 2018 and saw the US city of Atlanta experience a ransomware attack. The government’s computer system was infected with malware before the hackers requested payment of approximately $50,000 worth of bitcoins.

However, according to Wired, before the city could even think about paying or not, the hackers removed the payment portal. This resulted in the city having to fix the hack themselves, and that’s where the real money comes in.

Costly Fixes and Upgrades

Between the 22nd of March and the 2nd of April, the city spent $2,667,328 on unblocking their systems. This included hiring digital forensics specialists and Microsoft Cloud experts. A total of $600,000 went to Ernst & Young for incident response fees and another $50,000 went to Edelman, a crisis communications firm.

Compared to the initial ransom request, this amount spent seems exorbitant. However, Chris Duvall believes that the amount is actually reasonable. Duvall is the senior director of The Chertoff Group, a company specializing in risk management. He explained:

“What Atlanta paid is maybe not a bargain, but I think they probably did pretty well. We had a private sector client, a relatively small company that was about $60 million in revenue, they ended up paying about $3.1 million after a ransomware attack, because they had all the incident response, plus insurance claims, privacy monitoring, and contractual hits for missed services. It can be very expensive, and defense is not an easy thing.”

We Do Not Negotiate with Hackers

Dave Chronister, founder of corporate and government defense firm Parameter Security, believes that payment should not be an option:

It may be a Pollyanna belief, but you’re only feeding the problem if you pay. It only works if people are actually paying it, and instead that money could go a long way to actually fixing your stuff beforehand.

Even though the US government does not recommend paying requested ransoms, they are aware that each case is different. In the case of Atlanta, the malware was alleged to have infected the law enforcement’s records system as well as revenue collection services.

One the one hand, paying the ransom would have been less than the eventual amount spent, but it would not have guaranteed that the hackers would hold up their end of the bargain.

Prevention is Better Than Cure

On the other hand, the preventative measures and enhanced cybersecurity that the $2.6 million bought the city will more than likely leave them thoroughly protected against any future threats.

However, in this case, these measures were more reactive than proactive, the difference between the two equaling hundreds of thousands of dollars. Jake Williams, who is the founder of Rendition Infosec cybersecurity firm, elaborated:

Emergency support and overtime costs phenomenally more than just handling the issues. In other words, upgrades that might have cost $100k in normal budgeting might cost $300k-plus in emergency spending during an incident.

Defense Against Possible Ransomware Attacks

According to Rendition Infosec, Atlanta’s systems were compromised in April last year, exposing existing threats in their security.

So even though the city paid a substantial amount in response to an emergency situation, their cybersecurity upgrades should now offer a higher level of protection against any future threats.

Do you think the city should have paid the initial ransomware request? If they did, do you think they still would have improved their security? Let us know in the comments below!


Images courtesy of PxHere, Shutterstock, YouTube

Exit mobile version