The Next-Gen Tech That Would Have Saved Atlanta $17 Million

Anna VinogradovaDigital Marketing Manager
In April 2018, the "SamSam" ransomware attack crippled the city of Atlanta. The recovery that followed provides a stark reminder of the real costs associated with ransomware – both technologically and financially.

The Atlanta ransomware attack affected more than 140 essential applications, 30 percent of which supported vital municipal functions such as the court system and police department. Additionally, the attack cost the City Attorney’s office 10 years' worth of documents and the police lost all their stored dash-cam footage.

For confidence and peace of mind, users need data protection solutions that help ease disaster recovery efforts while protecting systems from emerging threats. Maintaining continuous data integrity and confidentiality today requires both backup and recovery solutions that actively evolve to mitigate the threats new ransomware strains pose. Innovative techniques like artificial intelligence and machine learning enable better cyber protection by predicting the next attack methodology – and staying ahead of attackers.

The True Cost of Ransomware

When we first reported on this story, damage estimates hovered around $1 million. However, as the city government performs its cleanup and post-mortum analysis, the total estimated cost could balloon as high as $17 million.

Atlanta has learned the hard way that recovery from a ransomware attack is often much more costly than initial projections might suggest.

Should You Pay the Ransom?

Atlanta didn’t pay the ransom, a strategy generally recommended by security experts and law enforcement officials. Authorities make these recommendations because more than 50 percent of victims who choose to pay don’t recover their data anyway, often because the malware authors botch the decryption coding.

Choosing not to pay the ransom comes with its own risks, however. Businesses that refuse to pay cybercriminals need to rely on their backup and business continuity operations to recover their data from earlier archives. Unfortunately, Atlanta was ill-equipped to do this.

City officials refused to pay the ransom -- $51,000 in Bitcoin -- and now face huge recovery costs.

Can You Avoid Attack?

Today, attacks are inevitable. The Ponemon Institute 2018 Study on Global Megatrends in Cybersecurity noted that 67 percent of the Chief Information Security Officers who responded felt that ransomware attacks would increase, both in frequency and payout.

Protecting systems against known ransomware is a first step, but it is often an outdated solution. The Atlanta SamSam attack relied on a variant of a known ransomware methodology. Because Atlanta didn’t have the ability to use predictive protection, it wasn’t able to defend itself.

As experts secure an exploitable vulnerability, attackers find a new one. In response, many IT professionals now look to big data and machine learning as a means to stay one step ahead of hackers. This leads to a shift in the industry, whereby modern "best business recovery" practices need to protect first and enable recovery second.

The Most Secure Backup


In hindsight, a better approach for protection would have combined more diligent, regular backups with proactive measures to detect, terminate, and instantly recover from a ransomware attack in real time. Acronis Backup includes Acronis Active Protection, an integrated, AI-based defense against ransomware, which uses machine learning to predict variants of pre-existing ransomware to fight new attack types. The costs of the solution would have been small compared to both the ransom demanded and the subsequent clean-up costs.

Acronis Active Protection has already been proven by independent testers to successfully detect, defeat, and automatically recover from ransomware attacks, including the SamSam variant that brought down Atlanta’s computer systems. Had Atlanta invested in Acronis Backup (our data protection product for businesses) or downloaded Acronis Ransomware Protection (the free streamlined version of Acronis Active Protection), the city would have saved millions in clean-up costs and avoided the huge hit to the reputation of every city official and IT professional involved.

Effective Anti-ransomware Software

The Acronis Active Protection technology included in all Acronis backup products not only defeats known ransomware strains like SamSam, but so-called “zero-day” ransomware attacks: the kind that are as-yet unknown to security researchers. That’s because the built-in machine learning capabilities of Acronis Active Protection identifies ransomware attacks not by their known signatures (the approach used by anti-virus programs) but by their peculiar behaviors.

Acronis Active Protection combines a record of known ransomware behaviors with the ability to identify new strains in real-time; it’s based on machine-learning analysis of millions of good and bad programs. This AI-based defense has been proven exceedingly effective in stopping all types of ransomware, successfully defeating 200,000 attacks last year.

And Acronis continuously updates this anti-ransomware tech, enhancing the dependability of the software while preserving its reputation (verified by multiple independent researchers) as the most effective anti-ransomware solution on the market.

Final Thought

As malicious actors work to continually undermine data security, backup and recovery solutions become more integral to protecting critical information, systems, and networks. Recovery solutions need to begin with threat mitigation, using backup as a last resort. Mitigate threats using Acronis Active Protection and enable business continuity with Acronis Backup for a holistic approach to data protection, including backup, and recovery. 


Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.