KNOXVILLE, Tennessee — With at least some city departments feeling the effects of a ransomware attack, Knoxville leaders say they're working around the clock and will keep at it this weekend in hopes of getting computer systems back to normal.
David Brace, chief operating officer, said the goal is for most internal systems to be running as usual early next week. After Thursday's ransomware attack, city information technology staff shut down the network and switched to backup computers.
The city told 10News no financial or sensitive personal employee information appears to have been compromised, but some operations are feeling the effects.
At a minimum, because of "technical issues" related to the computer attack, the Knoxville Police Department isn't responding to reports of non-injury crashes. Drivers are asked to have a report prepared through their insurance provider.
KPD couldn't access the system to release a police report number for 10News on Friday.
Other departments are having to work "creatively," according an email sent to city employees, with access to desktops and the network at least temporarily halted.
The FBI, which now routinely gets involved in such cyber attacks, is investigating. A spokesman declined to say what's happening with the investigation. A TBI spokeswoman said the agency is assisting the FBI and referred questions to it.
Brace told employees Friday in a note that "Chief Technology Officer Mark Parker has the full support of the FBI and the TBI as well as our own specialist at KPD. Based on advice from our risk management consultant - Willis Towers Watson - the city has engaged with the specialty law firm of Mullen Coughlin along with other experts in this field."
The attackers likely got in through a phishing email with an attachment that was mistakenly opened, allowing access to the city network.
They've asked the city for a ransom, but Brace declined Thursday to tell 10News what is it. Often they ask for thousands of dollars in cryptocurrency before they'll release a hostage system.
The FBI advises against paying a ransom. For one thing, there's no guarantee the target will actually get its data back.
The FBI offers these tips to thwart attacks:
- Keep operating systems, software, and applications current and up to date.
- Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans.
- Back up data regularly and double-check that those backups were completed.
- Secure your backups. Make sure they are not connected to the computers and networks they are backing up.
- Create a continuity plan in case your business or organization is the victim of a ransomware attack.