UPDATE, June 25, 2020: The City of Knoxville, TN has remained tight-lipped on the details of its cyberattack mitigation following a June 11 ransomware attack on the city's services. While only some operations remain compromised — including the use of police cruiser computers — the city has declined to comment on if it will pay the undisclosed ransom demand, the Knox News reports.
The city confirmed earlier this week it has "data-recovery insurance," Knox News reports, while Knox County has a separate cyber insurance policy. It is unclear which cyber policy the jurisdictions have and how they'll be used.
Dive Brief:
- The City of Knoxville, TN has shut down its IT network after a ransomware attack last week infiltrated its systems.
- Local officials believe the attack was caused by an employee mistakenly opening a phishing email, but was not detected until it had infiltrated multiple systems. The attack forced staff to shut down servers and workstations, and disconnect from the internet, resulting in downtime for online city services and the court. It does not appear financial or personal information was compromised, however an undisclosed ransom demand has been made, chief operating officer David Brace confirmed to WBIR.
- The Knoxville Police Department was also impacted. The department tweeted on Thursday afternoon that officers would temporarily not respond to traffic crashes "unless there is an injury or disabled vehicles are blocking the roadway." The department has not yet said whether normal service had been resumed.
Due to technical issues as a result of the City of Knoxville ransomware attack, KPD officers will temporarily not be responding to traffic crashes unless there is an injury or disabled vehicles are blocking the roadway.
— Knoxville Police TN (@Knoxville_PD) June 11, 2020
Dive Insight:
Ransomware attacks on local governments have grown in regularity in recent years. Atlanta, Baltimore and New Orleans have seen their systems crippled by such attacks, which can often be the result of something as innocuous as an employee opening a phishing email.
During the U.S. Conference of Mayors' Annual Meeting in July 2019, more than 200 mayors signed a resolution to not pay ransom in the event of a cyberattack. Yet a March report from Deloitte said some cities may find paying hackers to restore their systems as the "only logical solution" when compared to the costs of self-recovery.
The coronavirus pandemic has made it simultaneously more important and more difficult for cities to secure their systems, especially as many employees work remotely instead of in city hall where security protocols can be closely reviewed and enforced. Michael Lake, president and CEO of the nonprofit Leading Cities, told Smart Cities Dive in an interview earlier this year that each device utilized in this time "is just one more additional point of vulnerability for any city."
Knoxville-area officials echoed similar warnings about government vulnerabilities to cyberattacks. Knox County, TN Mayor Glenn Jacobs said it has been a priority to "harden our defenses," and while shared services between the city and county do not appear to have been impacted by this ransomware attack, IT staff will work carefully to bring systems back online.
"Cyber attacks can happen to anyone or any government no matter how good the defense is," Jacobs said in a statement. "In a lot of cases it's not a matter of if but a matter of when."
ZDNet reports that a more thorough investigation is underway, with the help of the local FBI office and other law enforcement authorities. Brett Callow, a threat analyst at internet security company Emsisoft, told the Knoxville News Sentinel it could take local officials several weeks to determine the full impact of the attack.
