Atlanta, Hit by Ransomware Attack, Also Fell Victim To Leaked NSA Exploits
Zack Whittaker, reporting for ZDNet: It's been almost a week since the City of Atlanta was hit by a ransomware attack, which encrypted city data and led to the shutdown of some services. Mayor Keisha Lance Bottoms said in a press conference Monday that the city's government is working on recovering the network after ransom notes appeared on computer displays on Thursday afternoon. The city has hired local cybersecurity firm SecureWorks to assess the situation. Reports say the notorious SamSam ransomware was used in the Atlanta attack, which exploits a deserialization vulnerability in Java-based servers. [...] But according to one security firm, last week's cyberattack was not a surprise because the city had fallen victim to leaked government exploits used in the WannaCry outbreak. New data provided by Augusta, Ga.-based cybersecurity firm Rendition Infosec, seen by ZDNet, shows that the city's network was silently infected last year with leaked exploits developed by the National Security Agency. The cybersecurity firm's founder Jake Williams said at least five internet-facing city servers were infected with the NSA-developed DoublePulsar backdoor in late April to early May 2017. That was more than a month after Microsoft released critical patches for the exploits and urged users to install.
Read more of this story at Slashdot.