KNOXVILLE, Tennessee — The city of Knoxville's computer network was hit Thursday with an overnight ransomware attack, forcing a shutdown of the system and prompting the city to alert the FBI and TBI.
According to COO David Brace, no financial or personal information has been compromised.
It's not clear yet how outside operators were able to get into the city system. Brace said experts were helping the city locate where the breach occurred.
He said the city has gotten a ransom demand, but he declined to be specific.
"They’ve asked for a ransom, and that’s it," Brace told 10News.
No credit card information is stored by the city, so people who have made any online reservations of city facilities are not believed to be at risk, according to a notice from city spokesman Eric Vreeland.
The attack has impacted the Knoxville Police Department from a technical standpoint, spokesman Scott Erland said Thursday afternoon.
KPD for the moment won't respond to take reports on traffic crashes unless there is an injury or disabled vehicles are blocking the roadway, Erland said in a statement.
"Those needing a report should do so through their insurance provider. No additional city services or patrol functions have been impacted. The KPD will advise once normal operations are resumed," he said.
Knoxville Fire Department spokesman D.J. Corcoran said fire response was not affected. Communications between and among personnel by email might be affected, he said.
Ransomware allows hackers to use software to take control of a computer system. It's often done by outside operators trying to extort money from the system operator. Data is held in "ransom" until money is paid.
In extreme cases, some municipalities have had to pay tens of thousands of dollars in order to get back access to their data.
The city of Atlanta, for example, was hit by a massive attack in 2018. Hackers demanded a $51,000 ransom in Bitcoin. The total cost in recovery for the city was more than $7 million, Mayor Keisha Lance Bottoms told a congressional subcommittee on cybersecurity last year.
'This site can't be reached'
Anyone trying to access the city of Knoxville website Thursday got a message that read, "This site can't be reached."
The attack has not affected Knox County government computer operations.
"The city has reported the attack to the FBI and the federal government’s cybersecurity team, and we are also working with the TBI," according to Vreeland.
When the attack became apparent about 4-4:30 a.m. Thursday, IT staff shut down the computer network to isolate the effects "and minimize damage."
The city didn't address just what damage may have been done.
Some servers have been infected and are now isolated, Brace said.
But the city has back-up servers, so it can access information as needed, he said.
City offices and services continue to operate. Departments are making adjustments to serve residents and businesses.
According to Vreeland, "The city also is working with our risk management consultants, Willis Towers Watson, to engage the appropriate team of experts."
As for how the hack happened, Brace said that's still being reviewed.
It often happens through phishing, such as when a bogus email is sent out with a link to damaging software under what appears to be a legitimate name -- like someone in authority.
"That is probably how it entered the system, but we are working thorough a contract with a forensics expert to help us determine that," Brace said.
As employees of bigger firms know, IT often warns workers not to open any suspicious email or email that appears unusual.
The city doesn't have a specific insurance policy to cover a cyber attack, which he said is expensive. Knoxville is self-insured, he said.
He's not sure what the cost may be or if the city would end up having to pay a ransom, he said. There's already been some cost to bring in experts to help address the attack.
"At this point our risk management contractor who helps us with situations like this … they're helping us connect with the resources we need to address the rasnsomware."
Brace said the city plans for such attacks.
"We'll continue to work the plan, work the problem," he said.
Employees alerted Thursday
Brace informed employees Thursday morning of the breach in an email.
It reads: "Please be advised that our network has been attacked with ransomware. Information Systems is currently following recommend protocols. This includes shutting down servers, our internet connections and PC’s.
"Please do not log in to the network or use computer applications at this time. I appreciate your patience as we work through this issue. If you have questions, please do it hesitate to call."
Knox County Mayor Glenn Jacobs released a statement saying the county IT department is ready to help the city.
“Cyber attacks can happen to anyone or any government no matter how good the defense is," his statement reads. "In a lot of cases, it’s not a matter of if but a matter of when. Our IT department has been in contact with the city and we stand ready to help if they need it. I have an insurance background, so when I took office, I was extremely concerned about cybersecurity issues, and I made it a priority to harden our defenses in case of an attack. Our IT department has done an amazing job protecting the county and I’d like to thank them for that. The county and city do share some of the same network paths, but to date we have no evidence of any compromise on our side. However, we did pull back and sever the connectivity between all of our shared agencies until we are fully confident that the issue has been contained. We will bring those paths back online one at a time as soon as our cyber team feels that we don’t have any exposure.”