In 2018, the city of Atlanta suffered a devastating ransomware attack that crippled city operations. In this video, Mike Chapple explains the details surrounding the Atlanta breach.
(foreboding music) - [Instructor] In March, 2018, the city of Atlanta was forced to tell constituents that a large swath of city operations were shut down due to a cybersecurity breach. In an incident that became one of the largest municipal cyber attacks to date, Atlanta had lost access to a large number of systems. It would be weeks before they restored normal operations.
City officials had been tight-lipped about the source of the breach, but cybersecurity researchers have learned quite a bit by studying the activity of similar attacks. While most ransomware is delivered by phishing schemes and similar attacks that broadly target whomever happens to fall victim, the SamSam ransomware used in this attack against Atlanta is the tool of choice for a group of attackers following a careful methodology. These attackers, nicknamed Gold Lowell by the Dell Secureworks Threat Intelligence Team, scout out their targets in advance and only deploy ransomware in the final stages of their attack.
They typically seek out a weakness in one of the target systems, and use that weakness to gain an initial foothold on the network. They then use a set of hacking tools to gain administrative access to their initial target system and leverage the access they have to that system to spread across the entire network. Once they've stealthily penetrated systems across the target's network, they then roll out their ransomware to quickly render all of the data stored on those systems completely inaccessible. That pattern of activity seems to match the symptoms experienced by Atlanta.
As the attack unfolded, city technology staffers found themselves suddenly thrust into the spotlight. Citizens were demanding the restoration of services, city employees were panicking about being able to carry out their job functions, and the media was demanding answers. Atlanta city officials brought in a host of consulting firms to help investigate the attack and restore service as quickly as possible. Before they could accomplish this, they needed to understand what had happened and how they could restore service without triggering a second attack.
Updated: 6/10/2019
Released: 10/8/2018
Skill Level: Intermediate
Video: The Atlanta ransomware breach