[BreachExchange] Atlanta’s COO Speaks Out About Ransomware Recovery

Destry Winant destry at riskbasedsecurity.com
Wed May 16 17:41:01 EDT 2018


It was Atlanta’s acting Chief Operating Officer’s third day on the job
when a malware attack hit the city’s computer system two months ago.

Richard Cox called it “the most interesting beginning of any job I’ve
ever had in my life.” He said this is considered one of the biggest
malware attacks on a municipality in the United States.

“It was a monumental, and still is a big task for us to get out of
this,” Cox said.

He stands by the city’s decision not to pay a $51,000 ransom to
cyber-attackers. He said Mayor Keisha Lance Bottoms felt strongly
about not paying, and the FBI advised that it would not guarantee the
city anything. Additionally, he said the investment the city has now
made in the recovery is going to good use.

“Here’s the thing. A lot of the work we were going to have to do
anyway. As an example, we’re going to buy new laptops,” he said.
“Well, most of the laptops that we’re buying are replacing ones that
were close to depreciation.”

Mayor Bottoms has said the attack pushed cybersecurity to the top of
her priority list. Cox explained cybersecurity has also become a
priority in the search for a new chief information officer. The city’s
CIO left in January.

Cox said experts tell him that cyber threats don’t ever go away, and a
network can be never completely secured.

“I really feel good about us being in a better posture now, but you
never claim victory,” he said.

Cox said 90 percent of the city functions that customers use are back
to normal, and the goal is to get all customer-facing services fully
functional within two weeks.

The municipal court is still operating with paper files, but the water
department has its billing functions back, except for phone payments.
Those two entities appear to have been among the heaviest hit by the

Cox declined to give a timeline on recovery for internal processes,
citing security reasons. Court employees and some parts of the water
department are still functioning with paper files.

The city has authorized up to $5 million in emergency procurements to
spend on the recovery.

More information about the BreachExchange mailing list