Early on Thursday, March 22, 2018, the city of Atlanta's online systems were hit by a ransomware attack. In an effort to minimize the impact of the attack, workers were told not to use their computers or Wi-Fi. While the attackers were only demanding $51,000 in ransom, the impact to the city is much more far-reaching—bringing municipal services to their knees.

Here's What We Know:

• The following city of Atlanta's online applications were affected by the attack: Department of Public Works' website was disabled, impacting residents trying to pay bills; applications for new employment were suspended; Department of Corrections had to manually process inmates; Municipal Court hearings had to be rescheduled; the ability to process ticket payments was disabled; and public Wi-Fi at Hartsfield-Jackson International Airport was rendered unavailable.

•  The group behind the SamSam ransomware is responsible for the attack. The group has made over $850,000 since December 2017 and is also responsible for attacks on the Colorado Department of Transportation (twice), Municipality of Farmington in New Mexico, Allscripts, Hancock Health, Adams Memorial Hospital and Davidson County in North Carolina.

• The ransomware is not spread via email; the attackers find a way in through vulnerable servers by using weak or stolen credentials. Once inside the network, the attackers manually use legitimate system tools and resources to install the ransomware throughout the entire network.

• Law enforcement and technical companies have been brought in to investigate the breach.

• A week later, the city still does not have full functionality restored to its online systems and has not decided if it will pay the ransom.

Ransomware attacks are not going away anytime soon. Attackers are getting smarter each day and are targeting state and local agencies, as well as private companies, that lack the necessary network security to protect the data and resources they house. Our whitepaper details some steps your organization can take to prevent a ransomware attack from interrupting your business continuity with a catastrophic outage.