The city services of Atlanta, Georgia, are being held hostage by cyber sabotage blackmailers, and those who are willing to pay up seem to have a problem. They have no idea where to send the funds.
But, as Georgia Public Broadcasting’s Emily Cureton reported for NPR, even if officials authorized the six-bitcoin ransom payment — currently worth about $51,000 — to lift the wall of encryption paralyzing a number of city services, it’s not clear whether there is anywhere to send the money.
The payment portal set up by the hijackers for the infected systems, which included a countdown clock, was disabled days before the deadline after a local TV news station tweeted out an unredacted ransom note it obtained from a city employee. It contained a link to a bitcoin wallet leading directly to a group known for using SamSam ransomware.
That doesn’t solve the main problem in Atlanta, though. The city services computer systems are still down.
What is interesting is that the attackers knew who to target.
Still, the SamSam group is known for choosing targets with weak security and high incentives to regain control of their information, which makes them very likely to pay. Since December 2017, it has collected nearly $850,000 in ransoms from victims in health care, education and government, according to CSO. Last month, the city of Leeds, Ala., paid ransomware hackers $12,000 to release data in a similar attack.
So, education, government, and healthcare are where the cybersecurity holes are. And these organizations are willing to pay ransoms to the groups holding them hostage rather than beef up their security.
The Atlanta case, though, breaks a precedent.
Researchers working for Talos, a company that is investigating SamSam, say this is the first time the group “has publicly deleted or deactivated a portal prior to the seven-day clock expiring. While it’s possible they’ve taken such actions before, reports of those incidents haven’t been shared publicly.”
Well, Atlanta, good luck. You’re going to need it.