Cyber Incident Victim: Atlanta

Date: Mar 2018

Location: United States of America

Summary

A ransomware attack targeted the City of Atlanta, encrypting portions of its data and disrupting public-facing services including online bill payments and court information access. Critical operations such as public safety, water services, and airport functions remained unaffected, as did employee payroll systems. The attackers demanded a $51,000 ransom, with the malware suspected to be the SAMSAM strain. The city collaborated with federal agencies and private cybersecurity firms to investigate the incident, though the full scope of compromised data remained unclear. Officials advised vigilance for potential misuse of personal information stored on city servers but had not determined whether to pay the ransom at the time of reporting.

Description

On March 22, 2018, the City of Atlanta experienced a ransomware cyber attack that disrupted municipal operations and compromised data security. Officials first detected the incident at 05:40 that morning, prompting an emergency response. The attack encrypted portions of the city's data infrastructure, affecting both public-facing services and internal applications. Critical systems for online bill payments and court information access became unavailable, creating immediate disruptions for residents conducting routine municipal business. However, essential operations including public safety agencies, water services, and Hartsfield-Jackson Atlanta International Airport continued functioning normally. City payroll systems also remained unaffected, preventing broader workforce complications.

City officials held a press conference that afternoon with Mayor Keisha Lance Bottoms and Chief Operating Officer Richard Cox to address the crisis. The administration confirmed collaboration with federal investigators from the FBI and Department of Homeland Security, alongside technical teams from Microsoft and Cisco, to assess the damage and restore systems. A ransom demand of $51,000 surfaced through a screenshot shared by a city employee, with initial malware analysis suggesting similarities to the SAMSAM ransomware strain active since 2016. Mayor Bottoms explicitly stated no decision had been made regarding ransom payment while emphasizing the seriousness of the ongoing investigation. Residents and employees were advised to monitor personal accounts for potential misuse of information stored on compromised servers, though the full extent of data exposure remained undetermined at the time of reporting. The incident highlighted vulnerabilities in Atlanta's updated IT infrastructure despite maintaining partial operational continuity during the attack.
