December 2, 2022

City of Knoxville computer network hit by ransomware attack


According to COO David Brace, it appears that no financial or personal information has been compromised. A ransom demand was made, he said.

KNOXVILLE, Tennessee – The city of Knoxville’s computer network was hit with an overnight ransomware attack Thursday, forcing the system to shut down and prompting the city to alert the FBI and TBI.

According to COO David Brace, no financial or personal information has been compromised.

It is not yet known how the outside operators were able to enter the city system. Brace said experts were helping the city locate where the breach occurred.

He said the city had received a ransom demand, but declined to be specific.

“They demanded a ransom, and that’s it,” Brace told 10News.

No credit card information is stored by the city, so people who have made reservations online for city facilities are not considered to be at risk, according to a notice from city spokesperson Eric Vreeland.

The attack had a technical impact on the Knoxville Police Department, spokesman Scott Erland said Thursday afternoon.

At this time, the KPD will not respond to reports of traffic accidents unless there are injuries or broken-down vehicles blocking the roadway, Erland said in a statement.

“Those who need a report should do so through their insurer. No municipal service or additional patrol function has been affected. The KPD will notify once normal operations resume,” he said.

Knoxville Fire Department spokesman DJ Corcoran said the fire response was not affected. Communications between and among staff via email could be affected, he said.

Ransomware is software that lets hackers take control of a computer system. It is often used by external operators who try to extort money from the operator of the system. The data is held for “ransom” until the money is paid.

In extreme cases, some municipalities have had to pay tens of thousands of dollars to regain access to their data.

The city of Atlanta, for example, was hit by a massive attack in 2018. Hackers demanded a ransom of $51,000 in Bitcoin. The total cost of the recovery to the city was over $7 million, Mayor Keisha Lance Bottoms told a Congressional cybersecurity subcommittee last year.

‘This site cannot be reached’

Anyone attempting to access the City of Knoxville website on Thursday received a message saying, “This site cannot be reached.”

The attack did not affect the computer operations of the Knox County government.

“The city reported the attack to the FBI and the federal government’s cybersecurity team, and we are also working with the TBI,” according to Vreeland.

When the attack became apparent around 4 a.m. to 4:30 a.m. Thursday, IT staff shut down the computer network to isolate the effects “and minimize the damage.”

The city did not address the damage that could have been caused.

Some servers have been infected and are now isolated, Brace said.

But the city has backup servers, which allow it to access information as needed, he said.

The city’s offices and services continue to function. Departments are making adjustments to serve residents and businesses.

According to Vreeland, “The city is also working with our risk management consultants, Willis Towers Watson, to engage the appropriate team of experts.”

As to how the hack happened, Brace said it’s still under review.

This often happens through phishing, for example when a fake email is sent with a link to harmful software under what appears to be a legitimate name, such as someone in authority.

“That’s probably how he got into the system, but we’re working on a contract with a forensic expert to help us determine that,” Brace said.

As employees in large companies know, IT often warns workers not to open a suspicious email or an email that looks unusual.

The city does not have a specific insurance policy to cover a cyber attack, which it says is expensive. Knoxville is self-insured, he said.

He’s not sure of the cost or whether the city would end up having to pay a ransom, he said. There has already been some cost to bringing in experts to help deal with the attack.

“At this point, our risk management contractor who helps us in situations like this…

Brace said the city had been planning for such attacks.

“We will continue to work on the plan, to solve the problem,” he said.

Employees alerted Thursday

Brace informed employees of the breach in an email Thursday morning.

It reads: “Please note that our network has been attacked by ransomware. Information systems currently follow recommended protocols. This includes shutting down servers, our Internet connections and our PCs.

“Please do not connect to the network or use any computer applications at this time. I appreciate your patience as we resolve this issue. If you have any questions, please call.”

Knox County Mayor Glenn Jacobs released a statement saying the county IT department is ready to help the city.

“Cyber attacks can happen to anyone or any government, regardless of the quality of the defense,” the statement read. “In many cases, it’s not a question of if but when. Our IT department has been in contact with the city and we are ready to help them if they need it. I have insurance training, so when I took office I was extremely concerned about cybersecurity issues, and made it a priority to harden our defenses in the event of an attack. Our IT department did an incredible job protecting the county, and I want to thank them for that. County and city share some of the same network paths, but to date we have no evidence of a compromise on our end. However, we have removed and cut the connectivity between all of our shared agencies until we are fully convinced that the issue has been contained. We will bring these paths back online one by one as soon as our cyber team feels that we have no exposure.”
