The small city of Cornelia in the US state of Georgia,
best known among tourists for building a 2.4-ton sculpture of a red apple, is
now becoming known for a more heroic feat – suffering its third ransomware attack
so far this year and avoiding ransom payments every time.
The city of about 4,000 residents was last attacked in
late September after the intrusion shut down billing systems for an entire day,
but before attackers got the chance to encrypt anything. A new firewall should
take care of similar problems in the future.
Attackers often hit small city administrations and
businesses, focusing on targets that can be compromised. The assumption is that
small infrastructures are not protected as well, and staff are not trained to
deal with problems.
Cornelia, which had no full-time IT employee until about
a year ago, said it dodged the latest
attack before the systems were encrypted. Even so, the town lost a day
restoring the services from back-ups.
“We did not get to the point of like Atlanta where they
actually held us [for] ransom,” Donald Anderson, Cornelia’s City Manager, told AccessWDUN.
“We were able to go back to our off-storage back-ups to the day before and get
us up and running, but it did shut us down for a day.”
From what the authorities said so far, all three attacks
managed to pass through whatever software protection was in place, and the two
earlier attacks shut down some systems for several days. Now, the city is
looking to pay for a firewall and all of the support that it entails, for the
next five years, as the previous solution was 10 years old.
Cornelia’s relatively quick recovery from the attacks is
not the norm in ransomware incidents. When criminals get a foothold, they
encrypt drives and paralyze the activity of any institution. The good news is
that even small towns like Cornelia are realizing the value of online security
as opposed to the damages that would incur.