As the city of Atlanta’s computer systems are still being held hostage by ransomware hackers, expert David Raymond explains how attacks like this could be merely the tip of the iceberg unless cities proactively seek network security.

“Ransomware attacks on city governments, hospitals and other critical infrastructure have become very popular over the last few years as it’s proven to be profitable since many cities generally lack overarching security networks,” Raymond said.  

Another data breach affecting the city of Baltimore’s 911 emergency dispatch system occurred the morning of Saturday, March 24.   

Background  

Online systems within the Atlanta city government were breached and their data were encrypted on the morning of Thursday, March 22. The hackers are demanding $51,000 in the form of bitcoin in exchange for the return of city’s the network information. City officials have not revealed a great amount of information on the breach to the public since gaining knowledge of its origin.

Quoting Raymond

“Future cyberattacks on city governments such as the one on Atlanta will continue to happen as long as hackers can make a profit from their efforts.”

“An organization can survive a ransomware attack if they have their data backed up. The dilemma of a ransomware attack is presented if rebuilding systems from backed up data is more expensive than paying the hackers or if the breached data isn’t backed up at all. Additionally, a conflict of interest exists in that there might be a policy, written or unwritten, to not pay off criminals. If Atlanta does pay its hackers, it could encourage other hackers to engage in this type of cyberattack as it would deem successful and profitable for the perpetrators in this scenario.”

“It’s not surprising that cities haven't been proactive in establishing secure data networks because of the copious other areas of concern which cities are responsible for. They often don’t consider the negative implications of lacking sufficient data security until something bad happens."

About Raymond

David Raymond currently serves as Director of the Virginia Cyber Range and Deputy Director of Virginia Tech’s IT Security Lab. Some of his areas of focus include cyber operations, information assurance, secure wireless protocols, and online privacy. View his full bio here.

Expertise featured in The Wall Street Journal.

Schedule an interview

To secure an interview, contact Ceci Leonard in the media relations office at ceciliae@vt.edu or 540-357-2500.

Our studio

Virginia Tech's television and radio studio can broadcast live HD audio and video to networks, news agencies, and affiliates interviewing Virginia Tech faculty, students, and staff. The university does not charge for use of its studio. Video is transmitted by LTN Global Communications, and fees may apply. Broadcast quality audio for radio is transmitted via ISDN.

Written by Justin McCloskey

Share this story