Cyber Security Lessons: City of Atlanta Ransomware Incident

Cyber Security Lessons: City of Atlanta Ransomware Incident

November 11, 2021

Did you know that ransomware is on the rise? If you’re not familiar with this issue, ransomware is a type of cyberattack that encrypts a business’s files. The attacker then demands a ransom, hence the name, in order to restore access to any data taken. 

Ransomware attacks are an ever-growing threat in today’s business landscape. In fact, according to Statista, there were 304 million ransomware attacks in 2020 alone. Because of how common it is, learning to protect your business from these types of cyber threats is critical. 

In this issue of Cyber Hacked Stories, let’s take a look at the City of Atlanta ransomware incident. In it, we’ll not only share what happened, but we’ll also share exactly how to protect your business from ransomware attacks. 


The Details of the Incident

In the spring of 2018, cybercriminals compromised several computer networks within Atlanta’s City Hall to launch a ransomware attack. This incident has become known as one of the costliest cyberattacks to impact a local government, mostly because the city refused to comply with the cybercriminals’ demands. Let us explain… 

On March 22, 2018, cybercriminals utilized brute-force techniques to access several networks connected to Atlanta’s City Hall. The cybercriminals leveraged algorithmic password-cracking tactics in order to secure credentials. And, after obtaining access to government networks, the cybercriminals launched their attack using a customized form of malicious software known as SamSam ransomware. 

The attack compromised critical technology and information across Atlanta, interrupting key municipal functions within several city departments. In particular, the incident disrupted online payment programs for various services (e.g., utilities, traffic tickets, and business licenses or renewals) and a multitude of law enforcement operations, including warrant issuances, inmate processing protocols, and court fee payments. 

As part of the ransomware attack, the cyber-criminals demanded the payment of over $50,000 in bitcoin before restoring any technology or information for the Atlanta government — which, of course, the City of Atlanta refused to pay. 

By not paying the ransom, the city was forced to recover from the attack on their own accord in the coming days, weeks, and months. The government wasn’t able to restore its online payment programs until May, while local law enforcement couldn’t fully resume digital operations until June.

The Fallout of the Ransomware Attack

Following this large-scale ransomware attack, the Atlanta government encountered many consequences. First, the costs associated with recovering from the attack were severe. In total, the incident is estimated to have cost both the city and its taxpayers nearly $17 million.

Finally, the Atlanta government faced widespread scrutiny. While the Atlanta government made the right decision in not paying the ransom during this attack, IT experts blamed the city’s security failures for contributing to the severity of it. In fact, an audit performed just two months prior to the incident stated that there were between 1,500 and 2,000 total vulnerabilities identified within the Atlanta government’s digital operations and technology — suggesting the city had become complacent regarding cybersecurity. 


There are several cybersecurity takeaways from the Atlanta ransomware attack. Specifically, that cyber incident response plans are vital for the safety of your business.If the city had been prepared to respond to this incident, the recovery process likely could have been much faster and, subsequently,  far less expensive than it was.

The reality is, all organizations, from businesses to government entities, need a cyber incident response plan in place. This type of plan can help an organization establish timely response protocols for remaining operational and mitigating losses in the event of a cyber event.

Don’t wait until it’s too late to get protection. Make sure your organization works with a trusted insurance professional when navigating cyber security coverage decisions. For more risk management guidance and insurance solutions, contact us today.