Cyber Incident Victim: City of Dunwoody

Date: Dec 2019

Location: United States of America

Summary

A ransomware attack targeted a metro Atlanta local government, compromising its computer systems. The intrusion was promptly detected, leading to immediate containment measures including server shutdowns and disconnecting computers to limit damage. Security contractors utilized data backups to fully restore systems without data loss or ransom payment. Operational disruptions required temporary manual processes for police operations, such as handwritten reports and reliance on radio communications. The FBI investigated the incident, which highlighted a trend of similar cyberattacks affecting neighboring government entities in recent years.

Description

The City of Dunwoody, Georgia, experienced a ransomware attack detected on December 24, 2019. City staff identified the intrusion and immediately engaged InterDev, the city’s cybersecurity contractor, to contain the threat. Response actions included shutting down servers and disconnecting computers to prevent further spread of the attack. The FBI initiated an investigation into the incident. InterDev’s director of government services, Ashley Smith, confirmed that no data was compromised due to the rapid containment measures. Backup systems were utilized to fully restore operations without data loss, according to a city news release. Dunwoody Police Chief Billy Grogan disclosed that attackers demanded a ransom payment in bitcoin but did not specify the amount. The city refused to pay the ransom demand.

The attack necessitated wiping several affected computers and servers, resulting in multiple days of network downtime before full restoration. During the recovery period, the Dunwoody Police Department reverted to manual processes for critical functions, including handwritten incident reports and traffic citations. Radio communications replaced email systems temporarily. Grogan emphasized that emergency services continued uninterrupted despite these operational challenges. This incident marked Dunwoody as the latest metro Atlanta government entity targeted by cyberattacks, following prior incidents affecting the City of Atlanta in March 2018, the Georgia Administrative Office of Courts, Lawrenceville Police Department, Henry County government, and Georgia Department of Public Safety throughout 2019. The City of Atlanta’s 2018 attack involved a $51,000 ransom demand from Iranian hackers, which was similarly refused. Dunwoody’s restoration relied entirely on existing backups with no reported financial transactions to attackers.
