The city of Atlanta, Georgia. (Image: file photo)
Atlanta spent more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city's online services.
The city was hit by the notorious SamSam ransomware[1], which exploits a deserialization vulnerability[2] in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildy fluctated in price.
But it's understood that the ransom was never paid -- because the portal used to pay the ransom (even if the city wanted to) was pulled offline[3] by the ransomware attacker.
According to newly published[4] emergency procurement figures, the city spent around fifty-times that amount in response to the cyberattack.
Between March 22 and April 2, the city spent $2,667,328 in incident response, recovery, and crisis management. (Hat tip to Ryan Naraine for tweeting out[5] the link.)
Among the costs, Atlanta spent $650,000 on hiring local security firm Secureworks for emergency incident repsonse services, and an additional $600,000 on advisory services from Ernst & Young for cyber incident response.
The city also spent $50,000 to hire Edelman, a public relations firm specializing in crisis response management -- in other words, trying to make things look less bad than they actually are.
It's not known if additional, unreported costs were involved in the ransomware clean-up.
When reached, a spokesperson for the city did not immediately respond to several questions we had. If that changes, we'll update.
Last month we reported that Atlanta narrowly missed out falling victim[6] to another cyberattack in 2016,