City of Knoxville shuts down network after ransomware attack
The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city's offices.
Knoxville has a population of over 180,000, it's Tennessee's third-largest city after Nashville and Memphis, and it's also part of the Knoxville Metropolitan Statistical Area, with a reported population of almost 870,000 in 2015.
Full network shutdown
Computers on Knoxville's network were encrypted overnight, with the attack being noticed by employees of the city's fire department around 4:30 AM, June 11, according to Chief Operations Officer David Brace.
"Please be advised that our network has been attacked with ransomware," a notice sent to city employees on Thursday morning reads.
"Information Systems is currently following recommended protocols. This includes shutting down servers, our internet connections, and PCs. Please do not log in to the network or use computer applications at this time."
While the City of Knoxville official website was still down at the time this article was published, Knox County government computer operations have not been affected in the attack.
City Court sessions have also been canceled after the ransomware attack and the computer network shut down, with court dates to be reset once the systems are restored.
The city's Fire Department and Police Department operations are not affected following the incident according to spokesmen D.J. Corcoran and Scott Erland, but personnel cannot access the city's network.
No personal information was stolen
"No credit card information is stored by the City, so individuals who have made any online reservations of City facilities are not believed to be at risk," Knoxville spokesman Eric Vreeland told WBIR.
Knoxville: No personal info accessed in ransomware attack on city offices.
Chief Operating Officer David Brace made it clear, no personal information was accessed.
I'll have the latest on #WATE @ starting at 4 on @6News pic.twitter.com/lPXksVAXMv
— Madisen Keavy (@madisenkeavy) June 11, 2020
The city reported the ransomware attack o the Federal Bureau of Investigation (FBI) and is currently working with the Tennessee Bureau of Investigation as part of an ongoing incident investigation.
"City offices and services are open and available as usual, though visitors to City offices may encounter some inconveniences," a city spokesperson told WATE 6. "City departments are adjusting accordingly to address the needs of residents and businesses.”
Chief Operations Officer David Brace said that the threat actors behind this attack have also asked for a ransom to be paid per knox news, but he refused to give the exact amount.
Knox County Mayor also issued a statement on the city's ransomware attack on Twitter saying that "[c]yber attacks can happen to anyone or any government no matter how good the defense is. In a lot of cases it’s not a matter of if but a matter of when."
At the moment, the ransomware group responsible for this attack is still unknown but we will update the article as soon as we have more information.
Knox County was affected by another cyberattack in May 2018 when the Knox County Government in Knoxville had some of its servers knocked offline during a local election following a distributed denial-of-service (DDoS) attack.
Tonight, Our web servers suffered a successful denial of service attack. Election results were not affected, as our election machines are never connected to the Internet. Our staff is working to contain the attack & continue releasing election returns at https://t.co/aH2Pdne56k.
— Knox Co. Government (@KnoxGov) May 2, 2018
Gloss