City in USA left without Internet due to ransomware cyber attack

Ransomware incidents can be devastating for any individual, company or, in this case, government organization. According to specialists from a cyber security consulting company, the city of Knoxville, Tennessee, had to shut down its computer networks due to the presence of encryption malware on its systems.

The incident occurred in the early morning of June 11, so local government information security teams did not detect the intrusion until the malware had already run and spread across their networks.

As a security measure, the Tennessee IT team shut down their servers and compromised workstations. In addition, to an unprecedented extent, it was determined to cut off the internet connection of the entire city, mentioning specialists from a cyber security consulting company. This outage was experienced by all Internet users in the city, as online utilities were affected.

It should be noted that Knoxville’s emergency services (police, fire department, emergency department) were not affected by this incident, as they operate in systems away from the compromised servers. Online services in counties that share IT infrastructure did not reported fails.

Regarding work activities, public employees in the city received an email reporting the attack. The message briefly explained to employees what a ransomware attack is and they were asked not to turn on their computers, mentioned experts from a cyber security consulting company.

Through a statement, city officials mentioned that the incident could have been caused by an email sent to an employee. However, this hypothesis has not been proven, so we will have to wait for a thorough investigation to be completed; Local authorities notified the Federal Bureau of Investigation (FBI), which is already collaborating in the analysis of this cyberattack.

It is not known what malware variant was used by threat actors. In recent weeks, ransomware attack operators have resorted to the theft and exposure of sensitive information as a method of pressuring victims of these attacks, so the city government fears that some confidential files might appear on some hacking forum.  

Most ransomware attacks affect smaller cities, although from time to time malicious hacking groups dare to step up and target larger targets, such as recent attack incidents against Atlanta, Baltimore, Denver, New Orleans, among other cities.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.