The SamSam ransomware attack that took down the city of Atlanta's computer network in March could cost taxpayers $17 million — up from earlier estimates of $2.7 million, according to a "confidential and privileged" seven-page document reviewed by The Atlanta Journal-Constitution and Channel 2 Action News.
The latest cost estimate includes about $6 million in existing contracts for security services and software upgrades and $11 million in potential costs associated with the attack, including new desktops, laptops, smartphones and tablets. This would mark one of the U.S.' costliest cyberattacks affecting a local government in 2018, despite city officials declining to pay the ransom demanded by the hackers.
"We are pleased with the progress of the recovery efforts. In addition to responding to the criminal attack against the city of Atlanta, we are using this opportunity to make the city more secure," a city spokesperson told the publications in an email statement. "Unfortunately, in today's world, governments are seeing an increase in cyber attacks … As you already know, the city is insured against cyberattack (sic). We continue to work through that process for the most cost-effective outcome for our residents."
The ransomware incident knocked out services such as warrant issuances, water requests, new inmate processing, court fee payments and online bill-pay programs across multiple city departments. To unlock the city's systems and data, hackers demanded $51,000 in bitcoin, which the city refused to pay. The full extent of the damage is not yet clear, although AJC and Channel 2 Action News discovered two months ago that years of Atlanta Police footage from officers' patrol cars was lost and unrecoverable as a result of the incident.
Leading up to the attack, Atlanta expended significant resources to make it a so-called "Smart City," or a city that boasts information and communication technology to improve public services. These cities, however, are particularly vulnerable to cyberattacks and several audits of the city's IT department dating back to 2010 identified numerous security weaknesses.