Ransomware Hits Tennessee City

Written by

The Tennessee city of Knoxville has been forced to shut down its computer network after falling victim to a ransomware attack.

Cyber-criminals mounted their attack on the county seat of Knox County in the early hours of Thursday, June 11. No information has been shared so far on how threat actors were able to compromise Knoxville's system. 

The city's chief operating officer, David Brace, said digital forensic experts had been called in to investigate the breach and pinpoint the weak point through which threat actors gained access. 

While no information has been released regarding what files were encrypted in the attack, Brace assured the public that no financial or personal information had been compromised. 

City spokesman Eric Vreeland said that since no credit card information is stored by the city, people who have made any online reservations of city facilities are not believed to be at risk following the attack.

While acknowledging that the attackers had issued a monetary demand to the city, Brace was close-lipped over how much cash was involved.  

"They’ve asked for a ransom, and that’s it," Brace told 10News.

After detecting the attack, which took place around 4:30 am, the city's IT staff shut down the computer network to minimize damage and isolate the malware. Brace said the city was soldiering on, accessing the information it needed via backup servers. 

As a result of the attack, emergency services in the city are experiencing technical issues. Knoxville Fire Department spokesman D.J. Corcoran said email communications between personnel might suffer, though the department's ability to respond to fires was thankfully not affected.

Knoxville Police Department spokesman Scott Erland said the impact of the ransomware incident had been felt by the city's men and women in blue, who are currently unable to take reports on any traffic crashes that don't involve an injury or an inoperable vehicle blocking a roadway. 

Erland said: "Those needing a report should do so through their insurance provider. No additional city services or patrol functions have been impacted. The KPD will advise once normal operations are resumed."

Both the Federal Bureau of Investigation and the Tennessee Bureau of Investigation have been informed of the ransomware attack.

What’s hot on Infosecurity Magazine?