The last victim affected by ransomware is the city government of Atlanta, GA. The ninth-largest metro area in the US isn't able to do things like process payments or provide access to courthouse information because some systems are locked down. During a press conference, mayor Keisha Bottoms and newly-appointed COO Richard Cox said that they're working with the FBI, DHS, Microsoft and Cisco to find out what data has been potentially been compromised.The local NBC affiliate reports a ransom note included with the SamSam ransomware is demanding about $51,000 in bitcoin to restore the systems.
If it is SamSam, it's part of a family of malware has been active against many government and healthcare systems since late 2015. In January, Talos noted that its makers had already netted over $325,000 in ransom sent to one bitcoin wallet. This particular attack isn't spreading on the level of 2017's NotPetya/WannaCry, but its apparent ability to target critical systems where the owners are likely to pay makes it even more troublesome, spreading first through vulnerable servers and then onto Windows desktops. The Atlanta government said it will be open for business in the morning, and that infrastructure like public safety, water and the airport are unaffected.
The City of Atlanta is currently experiencing outages on various customer facing applications, including some the customers may use to pay bills or access court related information. We will post any updates as we receive them. pic.twitter.com/cezLBFsINt— ATL Municipal Court (@ATLCourt) March 22, 2018