City of Knoxville shuts down IT network after ransomware attack

A ransomware attack that targeted the offices of the City of Knoxville, Tennessee, forced to shut down its entire computer network.

The city of Knoxville, Tennessee, has shut down its computer network following a ransomware attack.

The attack took place in the night between June 10 and June 11, the malware encrypted multiple systems in the IT network.

According to Chief Operations Officer David Brace, the attack has been discovered by employees of the city’s fire department around 4:30 AM, June 11. Brace said The Tennessee Bureau of Investigation and the Federal Bureau of Investigating is investigating into the incident.

Knoxville is the third-largest city in Tennessee, after Nashville and Memphis, and has a population of over 180,000.

“The City of Knoxville computer networks have been attacked by ransomware, according to an email sent to city employees.” reported WVLT.

“Please be advised that our network has been attacked with ransomware,” said the notice sent Thursday morning. “Information Systems is currently following recommended protocols. This includes shutting down servers, our internet connections, and PCs. Please do not log in to the network or use computer applications at this time.”

“Cyber attacks can happen to anyone or any government no matter how good the defense is. In a lot of cases it’s not a matter of if but a matter of when. Our IT department has been in contact with the city and we stand ready to help if they need it.” – @GlennJacobsTN pic.twitter.com/34g5ljtGql— Knox Co. Government (@KnoxGov) June 11, 2020At this time, the website of the City of Knoxville is still down and the City Court sessions have also been canceled. The city’s Fire Department spokesmen D.J. Corcoran and Scott Erland said that both Fire Department and Police Department operations are not affected following the security breach, but employees cannot access the city’s network.

A city spokesperson confirmed that City offices and services are open, though citizens may encounter some inconveniences.

COO David Brace pointed out that no personal information was accessed during the attack. The City will use backup to resume operations, the good news is that backup servers were not affected.

“No credit card information is stored by the City, so individuals who have made any online reservations of City facilities are not believed to be at risk,” Knoxville spokesman Eric Vreeland told WBIR.

Operators behind the attack have already asked the payment of a ransom, but the City’s administration will not pay it.

“Brace said the attackers have requested a ransom payment to free city files they control, but he declined to reveal the amount or speak about the process other than to say forensic analysists and risk management consultants are working with law enforcement to resolve the issue.” reported Knox News.

“Ransomware is we lock your stuff down and (you) give us money to get your stuff back,” he said. “It’s not good. That’s exactly what has happened, and our experts are working on that and how to tackle it.”

It is still unclear which is the malware family that infected the systems of the City.

Small cities are a privileged target for ransomware operators, it is quite easy for them to infect their systems.

Other US cities that suffered similar incidents are Atlanta, Denver, New Orleans, Baltimore, Ocala, Naples, Lake City, Riviera Beach City, Pensacola City, Jackson County, Racine, and Palm Beach.

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
});
}
catch (error) {}

Pierluigi Paganini

(SecurityAffairs – Knoxville, ransomware)

The post City of Knoxville shuts down IT network after ransomware attack appeared first on Security Affairs.