Ransomware in Atlanta and Baltimore.
Atlanta's ransomware attack is proving difficult to remediate (ZDNet). While some of the previously disconnected city systems came back online early this week, recovery still remains incomplete. The criminals' deadline expired this Wednesday, but the attackers had already taken down the portal they'd established for payment (NPR). The ransom amount, $51,000 in Bitcoin, seems small in comparison with the disruption the attack caused (Business Insider). The city is said to have received multiple warnings that its systems were vulnerable (too vulnerable for confidence about resilience—all systems are vulnerable to some extent), but did not address them (Atlanta Journal Constitution).
Last Sunday the city of Baltimore suffered an outage in its automated 911 call management system. The city reverted to manual dispatching systems before recovering its systems after a few hours. Baltimore's CIO called the incident a "self-inflicted wound." The ransomware entered the city's computer-aided dispatch system for 911 and 311 (non-emergency services) after IT teams troubleshooting a communications problem changed a server firewall and inadvertently left a port open for about a day. The city believes hackers scanning for open ports found and used it as a target of opportunity (Baltimore Sun).