Atlanta officials have disclosed few details about the episode or how it happened. They have urged vigilance and tried to reassure employees and residents that their personal information was not believed to have been compromised.

Dell SecureWorks and Cisco Security, which are still working to restore the city’s systems, declined to comment on the attacks, citing client confidentiality.

Ms. Bottoms, the mayor, has not said whether the city would pay the ransom.

The SamSam group has been one of the more successful ransomware rings, experts said. It is believed to have extorted more than $1 million from some 30 target organizations in 2018 alone.

It is not ideal to pay up, but in most cases, SamSam’s victims have said that they can more easily afford the $50,000 or so in ransom than the time and cost of restoring their locked data and compromised systems. In the past year, the group has taken to attacking hospitals, police departments and universities — targets with money but without the luxury of going off-line for days or weeks for restoration work.

Investigators are not certain who the SamSam hackers are. Judging from the poor English in the group’s ransom notes, security researchers believe they are probably not native English speakers. But they cannot say for sure whether SamSam is a single group of cybercriminals or a loose hacking collective.

Ransomware emerged in Eastern Europe in 2009, when cybercriminals started using malicious code to lock up unsuspecting users’ machines and then demanding 100 euros or similar sums to unlock them again. Over the past decade, dozens of online cybercriminal outfits — and even some nation states, including North Korea and Russia — have taken up similar tactics on a larger scale, inflicting digital paralysis on victims and demanding increasing amounts of money.

Cybersecurity experts estimate that criminals made more than $1 billion from ransomware in 2016, according to the F.B.I. Then, last May, came the largest ransomware assault recorded so far: North Korean hackers went after tens of thousands of victims in more than 70 countries around the world, forcing Britain’s public health system to reject patients, paralyzing computers at Russia’s Interior Ministry, at FedEx in the United States, and at shipping lines and telecommunications companies across Europe.