ATLANTA — Atlanta police officers initially had to write reports by hand. Residents still can’t pay water bills online. Municipal court dates are being reset. All are fallout from a ransomware attack last week that hobbled the city’s invisible infrastructure.

Another ransomware attack hit Baltimore’s 911 dispatch system over the weekend, prompting a roughly 17-hour shutdown of automated emergency dispatching. The Colorado Department of Transportation suffered two attacks just over a month ago. And the North Carolina county that’s home to Charlotte totally rebuilt its system after an attack.

For cash-strapped local governments, paying for robust protection against the invisible menace of a cyberattack can be a hard sell. But cyberattacks continue to proliferate, and experts say preparation and strong defensive measures are necessary to avoid the crippling effects.

“As elected officials, it’s often quite easy for us to focus on the things that people see because, at the end of the day, our residents are our customers,” Atlanta Mayor Keisha Lance Bottoms said at a news conference Monday. “But we have to really make sure that we continue to focus on the things that people can’t see, and digital infrastructure is very important.”

Although it’s vital to make sure systems are up to date and have the latest patches, malware evolves so quickly that experts also stress the importance of comprehensive backups and a quick response when an attack does happen.

“I don’t think any security is flawless,” said Craig McCullough, a vice president at security firm Commvault.

Governments, public agencies and companies need to know what data they have and make sure it’s backed up. Software and hardware can be replaced, but data is much more difficult, McCullough said.

A quick response can help minimize the damage, said Dmitri Alperovitch, chief technology officer of security firm Crowdstrike. If a threat is detected immediately after it enters the network — for example, when someone clicks on a link in a phishing email or through a vulnerable server — it might be possible to stop before it spreads beyond the initially infected computer, he said.

Atlanta officials won’t say whether they’ll pay the $51,000 ransom, though Bottoms has said all options are on the table. Mike Cote, president of Secureworks, a security firm hired by Atlanta, has said they know who’s behind the attack but aren’t releasing that information.

Cybersecurity experts say the attack is consistent with the SamSam group, which is known as a sophisticated attacker and negotiator, said Jake Williams, founder of security firm Rendition Infosec.

Unlike other ransomware that might raise alarms upon infection, SamSam compromises machines without immediately locking up their files. That access is then used to spread through the network “before they press the encrypt button,” Williams said.

He said he tells clients they must make a business decision on whether to pay. He acknowledges that can be more difficult for governments, whose rules might block them from spending public funds on extortion.

Although Atlanta’s critical physical infrastructure — including the city’s airport, emergency response systems and water safety and treatment — were not directly affected, other departments are operating manually and some services have been suspended. Nuisances at first, issues caused by the outages could have compounded effects if they persist.

——

Associated Press writer Matt O’Brien in Providence, Rhode Island, contributed to this report.