Contents:
Back in May, the threat actors deployed a ransomware attack on the City of Tulsa’s network. The Tulsa ransomware attack had a massive impact as the city was forced to shut down its network in order to prevent the spread of malware.
Who Is Conti ransomware?
Conti ransomware was first noticed in May 2020, and since then has undergone rapid development and is known for the speed at which it encrypts and deploys across a target system. Conti ransomware is a human-operated “double extortion” ransomware specialized in stealing and threatening tactics.
The shutdown of Tulsa’s City systems, unfortunately, prevented the residents from accessing the online bill payment systems, utility billing, and other services through email, whilst the websites of the City of Tulsa, Tulsa City Council, Tulsa Police, and Tulsa 311 were down for maintenance, this forcing the city to shut down all of its systems and disrupt all online services.
At the time of the attack, it was unknown what ransomware operation was behind the attack on Tulsa, but recently the Conti Ransomware gang took responsibility and published 18,938 of the City’s files, mainly police citations and internal Word documents.
The City of Tulsa had issued a press release warning that personally identifiable information was exposed in the leaked police citations.
Today, the City of Tulsa was made aware the persons responsible for the May 2021 City of Tulsa ransomware attack shared more than 18,000 City files via the dark web mostly in the form of police citations and internal department files. Police citations contain some Personal Identifiable Information (PII) such as name, date of birth, address, and driver’s license number. Police citations do not include social security numbers.
No other files are known to have been shared as of today, but out of an abundance of caution, anyone who has filed a police report received a police citation, made a payment with the City, or interacted with the City in any way where PII was shared, whether online, in-person or on paper, prior to May 2021, is being asked to take monitoring precautions.
How Is Tulsa Handling the Situation?
It’s important to note that the fact that the Tulsa administration is urging for anyone who has filed a police report, received a police citation, made a payment with the City, or interacted with the City in any way where PII was shared to be extra vigilant against threat actors that might be performing identity theft by using the exposed information.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
The City’s Incident Response Team and federal authorities are continuing to investigate the data breach and monitor any information being shared.
Following the cyberattack in May, the City’s main priority has been to restore critical resources and mission-essential functions, which include public-facing systems and internal communications and network access functions, as PII had not been shared. Business recovery teams had categorized and prioritized system restoration efforts and have continued their work to restore and validate business systems within the City.