Tulsa’s Online Services Suffered a Disruption
A Ransomware Attack Forced the City to Shut Down Its Systems in Order to Prevent the Spread of the Malware.
Tulsa, the second-largest city in Oklahoma, having a population of approximately 400,000 people recently became the victim of a ransomware attack.
As defined by our glossary, Ransomware is a type of malware (malicious software) that encrypts all the data on a PC or mobile device, blocking the data owner’s access to it. After the infection happens, the victim receives a message that tells him/her that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Usually, there is also a time limit for the ransom to be paid. There is no guarantee that if the victim pays the ransom, he/she will get the decryption key. The most reliable solution is to back up your data in at least 3 different places (for redundancy) and keep those backups up to date, so you don’t lose important progress.
The threat actors have deployed the ransomware attack on the City of Tulsa’s network, this action leading to the City being forced to shut down all of its systems and disrupt all online services.
We identified malware on our servers and as soon as we did that, in an abundance of caution, we shut all of our systems down.
The mayor of Tulsa declared that all employees are back to work and that fortunately, the incident did not affect any 911 related services or the emergency response.
The shutdown of City systems is, unfortunately, preventing the residents from accessing the online bill payment systems, utility billing, and other services through email, whilst the websites of the City of Tulsa, Tulsa City Council, Tulsa Police, and Tulsa 311 are at this time down for maintenance.
The City’s phone systems are up and running, therefore anyone that needs to conduct any business or get In touch with the City can do it over the phone.
The City declared that customer information has not been compromised, but it’s well known that most ransomware operations steal data before deploying their ransomware.
City of Tulsa Experiencing Technical Difficulties
The City of Tulsa is experiencing technical difficulties on many outward-facing programs that help serve the citizens of Tulsa due to a ransomware attack. No customer information has been comprised, but residents will not be able to access City websites and there will be delays in-network services.
The City’s information technology and security teams are working with a security advisor and have shut down many internal systems out of an abundance of caution. The City has redundancies in place while the network is down. The City will continue to work through the weekend to ensure all systems are safe and operational before programs are brought back online next week.
Ransomware has become a scourge on US interests, with new attacks disclosed daily and victims paying million-dollar ransoms.
Tulsa joins a long list of municipalities having to deal with ransomware attacks over the last several years, like Atlanta, Baltimore, New Orleans, Greenville, North Carolina, and many others.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
It’s unknown at this time who was behind the ransomware attack, and what type of data was compromised in it, but it might be important to note the fact that the attack came just two days after the Colonial Pipeline ransomware.