EXECUTIVE SUMMARY:

While investigators associated with the Atlanta ransomware attack have declined to say who is behind the attack, though they think they know who it is, there are strong clues that the type of ransomware used is SamSam. In deploying it, a couple of mistakes may have caused it to backfire.

According to CSOonline, “An image shared with local media during the early stages of a SamSam ransomware infection in Atlanta exposed the contact portal assigned to the city by the group responsible. In addition, the image exposed the wallet used by the attackers to collect ransom payments.”

Later, when the attackers were asked about their actions, they tried demanding payment for answers, but then just ended up deleting the contact form.

Meanwhile, the city of Atlanta has not yet indicated whether it will pay the ransom.

What leads people to believe SamSam is the ransomware used in the cyberattack on Atlanta is the wording of the ransom note. The text is not only identical to the notes from previous SamSam attacks, it also has the exact same typos.

Get the full story at CSO.