A ransomware attack that crippled the City of Atlanta in March was far worse than initially thought and could end up costing the city an additional $9.5 million, despite a ransom demand of only $51,000 to provide all the keys for affected systems given at the time.

The attack affected one-third of 424 programs used by city computers, 30 percent of which are “mission-critical,” including core city services, police and courts, Daphne Rackely, the city’s interim chief information officer told the city council on Wednesday. The request for an additional $9.5 million comes on top of the $35 million already allocated to deal with the attack.

Among the data lost in the attack includes that on all but six of the City Attorney’s office’s 77 computers and 10 years’ worth of documents, while Atlanta Police lost all of their dash cam recordings.

“That is lost and will not be recovered, so that could compromise, potentially, a DUI case if the officer’s testimony is not where it needs to be,” Atlanta Police Chief Erika Shields said about the loss of the dash cam video archives. Despite the loss, the chief added that she is not overly concerned because such footage, no matter how useful, “doesn’t make cases for us.”

Gijsbert Janssen Van Doorn, technology evangelist at Zerto Ltd., told SiliconANGLE that without data being held hostage, there is no ransom, and “that’s the technology mindset organizations, and city authorities such as Atlanta, need to adapt to protect themselves from ransomware.”

Prevention plans aren’t enough as attacks build in frequency and strength, he said, and those attacks can cause irreparable harm to brand reputation.

“Instead, organizations need to invest and create full IT resilience plans, including backup, disaster recovery and cloud mobility, allowing them to withstand both planned and unplanned disruptions while driving digital transformation,” he said. “Being able to easily and quickly recover data, like the dash cam footage, from mere seconds before it was lost or disrupted can save an organization time, money and many other types of damage.”

Katie Carty Tierney, senior director of global sales engineering at WhiteHat Security Inc., noted that the Atlanta attack highlights the need for all companies to protect against all threats.

“Ransomware is just one attack scenario,” she said. “By performing a full vulnerability assessment and fixing the issues, you can protect your company from a far larger threat landscape. If 90 percent of your fence has already fallen over, what’s the use in trying to fix a hole in the 10 percent that’s left up? You need to protect against all threats, not one specific one.”

Reflecting Van Doorn’s advice, Tierney added that “for the companies that are truly concerned about ransomware, in addition to vulnerability assessments, they can follow some easy industry best practices. Backing up data and using up-to-date encryption will help negate some of the risks of ransomware.”

Photo: Maxpixel