Knoxville joins the club: IT network gets shut down after a ransomware

The city of Knoxville became a victim of the ransomware attack 

Knoxville forced to go offline

Knoxville forced to go offline

Knoxville, with a population of over 180,000 joined Atlanta, Baltimore, Denver, and other cities on the list with states and municipal entities that suffered ransomware attacks. The city was forced to shut down the entire computer network when the ransomware managed to attack the city’s offices overnight.[1]

The attack was noticed by employees of the fire department around 4:30 AM on June 11th, according to the reports.[2] Immediately after that city officials followed recommended protocols and sent the notice about the ransomware attack to all the employees in the morning.

All the associated employees were warned to not connect to any network or use computers at this time. All the internet connections, PCs, and servers got shut down to take care of the possible damage and tackle the infection fully. According to social media posts form city officials,[3] even court sessions have been canceled after this malware attack. Court dates should be restored after the system restoring.

Undisclosed ransomware infection not affecting personal information

Knoxville officials couldn’t disclose what is the particular ransomware that affected functions of the city but researchers and cybersecurity experts should investigate further to reveal more details about the infection. The FBI was immediately informed and city spokesperson stated:

City offices and services are open and available as usual, though visitors to City offices may encounter some inconveniences. City departments are adjusting accordingly to address the needs of residents and businesses.

As typically for cryptocurrency extortion-based malware ransomware asked for the payment, but officials refused to send the exact amount. Mayor issued[4] a statement about this attack and noted that cyber attacks can happen to anyone and the government is not immune to such incidents. There are no particular foundings that ransomware was linked with any known hacker group, or that the personal data of any citizens got revealed/accessed in any way. Credit card information is not stored by the city if you think that there are any risks.

Ransomware is not going to stop hitting governments and agencies in the US

Knoxville is not the first on the long list with US cities that have already suffered ransomware attacks.[5] It is common for such type of threat to target large cities, businesses, and companies in various industries. Ransomware creators started to target larger entities because of the bigger possibilities to get profit because malware can ask hundreds of dollars from everyday users, but demand payments of tens or hundreds of thousands from cities or service providers.

The more recent finding shows that during the year 2019, ransomware infections cost up to $7.5 billion. malware creators are not specific with their targets, but cities, healthcare industry, schools, and universities are the ones targeted the most. After these attacks, emergency services like 911 get interrupted and healthcare procedures postponed or canceled. In this day of age when everything is on the internet, going offline can significantly affect the living. Unfortunately, it is not easy to avoid ransomware-type infections:

Cybersecurity is complex and getting it right can be challenging, especially for smaller organizations. A small municipality needs a similar level of security to a large city, but has fewer human and financial resources with which to achieve it. The smaller the organization, the bigger the challenge.