that has affected more than 200,000 computers and caused untold havoc from China to Britain. Now, Mr. Gren and the thousands of other victims worldwide face an agonizing choice: either hand over the ransom — a figure that has climbed to $600 for each affected machine — by a deadline this Friday, or potentially lose their digital information, including personal photos, hospital patient records and other priceless data, forever. “I’m pretty devastated,” said Mr. Gren, 32, a manager of an online entertainment business in Krakow, Poland, who has spent almost all of his waking hours since Friday looking for ways to reclaim his digital data. “I’ve lost private files that I have no other way of recovering. For me, the damage has been huge.” That decision has become even more difficult as cybersecurity experts and law enforcement officials have repeatedly warned people against paying the ransom ahead of this week’s deadline. Aside from dissuading victims from handing over money that may help fund further such attacks, they caution that it is not guaranteed the attackers will return control of people’s computers even if they pay the assailants in bitcoin, a digital currency favored in such ransomware attacks that can be difficult to trace. Officials also note that the attackers, who have yet to be named, have provided only three bitcoin addresses — similar to a traditional bank routing number — for all global victims to deposit the ransom, so it may prove difficult to know who has paid the digital fees. This haphazard planning has led many victims to hold off paying, at least until they can guarantee they will get their data back.
So far, roughly $80,000 has been deposited into the bitcoin addresses linked to the attack, according to Elliptic, a company that tracks online financial transactions involving virtual currencies. F-Secure, a Finnish cybersecurity firm, has confirmed that some of the 200 individuals that it had identified, who had paid the ransom, had successfully had their files decrypted. Yet that represented a small fraction of those affected, and the company said it still remained unlikely that people would regain control of their computers if they paid the online fee. The tally of ransom payments may rise ahead of Friday’s deadline, but cybersecurity experts say the current numbers — both total ransom money paid and machines decrypted — are far short of early estimates forecasting that the digital attack may eventually cost victims hundreds of millions of dollars in combined ransom fees. “I predict this may be an epic failure,” said Kim Peretti, a former senior litigator in the Department of Justice’s computer crime and intellectual property division who now is co-chairwoman of the cybersecurity preparedness and response team at Alston & Bird, an international law firm. “Because of the publicity of this attack and the public’s awareness of people potentially not getting their files back, the figures aren’t as high as people had first thought.” For victims of such attacks, the potential loss of personal or business files can be traumatic. In typical ransomware cases, including the most recent hack, assailants send an encrypted email to potential targets. The message includes a malware attachment that takes over their machines if opened. The attackers then demand payment before returning control of the computers, often through money paid into bitcoin or other largely untraceable online currencies.
The city has spent the past two weeks restoring online services disrupted by ransomware that held encrypted data hostage. Soon after Atlanta City Auditor Amanda Noble logged onto her work computer the morning of March 22, she knew something was wrong. The icons on her desktop looked different—in some cases replaced with black rectangles—and she noticed many of the files on her desktop had been renamed with “weapologize” or “imsorry” extensions. Noble called the city’s chief information security officer to report the problem and left a message. Next, she called the help desk and was put on hold for a while. “At that point, I realized that I wasn’t the only one in the office with computer problems,” Noble says. Those computer problems were part of a high-profile “ransomware” cyberattack on the City of Atlanta that has lasted nearly two weeks and has yet to be fully resolved. During that time the metropolis has struggled to recover encrypted data on employees’ computers and restore services on the municipal Web site. The criminals initially gave the city seven days to pay about $51,000 in the cryptocurrency bitcoin to get the decryption key for their data. That deadline came and went last week, yet several services remain offline, suggesting the city likely did not pay the ransom. City officials would not comment on the matter when contacted by Scientific American. The Department of Watershed Management, for example, still cannot accept online or telephone payments for water and sewage bills, nor can the Department of Finance issue business licenses through its Web page. The Atlanta Municipal Court has been unable to process ticket payments either online or in person due to the outage and has had to reschedule some of its hearings.
The city took down two of its online services voluntarily as a security precaution: the Hartsfield–Jackson Atlanta International Airport wi-fi network and the ability to process service requests via the city’s 311 Web site portal, according to Anne Torres, Atlanta’s director of communications. Both are now back online, with airport wi-fi restored Tuesday morning. The ransomware used to attack Atlanta is called SamSam. Like most malicious software it typically enters computer networks through software whose security protections have not been updated. When attackers find vulnerabilities in a network, they use the ransomware to encrypt files there and demand payment to unlock them. Earlier this year attackers used a derivative of SamSam to lock up files at Hancock Regional Hospital in Greenfield, Ind. The health care institution paid nearly $50,000 to retrieve patient data. “The SamSam ransomware used to attack Atlanta is interesting because it gets into a network and spreads to multiple computers before locking them up,” says Jake Williams, founder of computer security firm Rendition Infosec. “The victim then has greater incentive to pay a larger ransom in order to regain control of that network of locked computers.” The city’s technology department—Atlanta Information Management (AIM)—contacted local law enforcement, along with the FBI, Department of Homeland Security, Secret Service and independent forensic experts to help assess the damage and investigate the attack. The attackers set up an online payment portal for the city but soon took the site offline after a local television station published a screen shot of the ransom note, which included a link to the bitcoin wallet meant to collect the ransom. Several clues indicate Atlanta likely did not pay the attackers, Williams says.
“Ransomware gangs typically cut off communications once their victims get law enforcement involved,” he says. “Atlanta made it clear at a press conference soon after the malware was detected” that they had done so. The length of time it has taken to slowly bring services back online also suggests the cyber criminals abandoned Atlanta without decrypting the city’s files, Williams says. “If that’s the case, the city’s IT staff spent the past week rebuilding Atlanta’s online systems using backed-up data that had not been hit by the ransomware,” he says, adding that any data not backed up is likely “lost for good.” “If the city had paid the ransom, I would have expected them to bring up systems more quickly than they have done,” says Justin Cappos, a professor of computer science and engineering at New York University’s Tandon School of Engineering. “Assuming the city did not pay the ransom, their ability to recover their systems at all shows that they at least did a good job backing up their data.”