CNN reports on the FBI opening up an investigation into a ransomware attack targeting Atlanta:
Cox confirmed that the city had received a written demand related to the attack. When asked in the news conference if the city was going to pay a ransom, Bottoms said, “We can’t speak to that right now.”
“We will be looking for guidance from, specifically, our federal partners on how to best navigate the best course of action,” she said.
The city engaged Microsoft and a team from Cisco’s Incident Response Services in the investigation, Deputy Chief Information Officer Daphne Rackley said.
When asked if the city was aware of vulnerabilities and failed to take action, Rackley said the city had implemented measures in the past that might have lessened the scope of the breach. She cited a “cloud strategy” to migrate critical systems to secure infrastructure.
“This is not a new issue to the state of Georgia, it’s not a new issue to our country. We have been taking active measures to mitigate any risk in the past.”
It sounds like Atlanta is taking appropriate actions and has modified its strategy to account for these possibilities. I am curious what vector was used in this attack, and await the findings once a forensic audit is completed.