City of Knoxville internal data published online after ransomware attack
A City of Knoxville spokesperson said ransomware attackers, who are holding city data hostage, have published internal information online in an effort to put pressure on the city.
KNOXVILLE, Tenn. (WVLT) - A City of Knoxville spokesperson said ransomware attackers, who are holding city data hostage, have published internal information online in an effort to put pressure on the city to pay a ransom.
“The City of Knoxville is aware that the threat actor recently began publishing certain data acquired from the City’s computer systems as a result of the recent malware attack,” a City of Knoxville official said. “The data is being published on a site created by the threat actor to shame victims who choose not to pay the ransom and as additional leverage to seek payment of the ransom. We are working diligently, with the assistance of our third-party computer forensic specialists, to review the data published by the threat actor and confirm the full extent of data that is impacted. We appreciate your continued patience and understanding as we continue our investigation.”
The city did not release information regarding the specific nature of the data that was breached. WVLT News spoke with the head of engineering at Checkpoint Technologies, a company that provides security software. Nick Hampson said hackers are selling city employees’ personal information on the dark web, or, “Ebay for criminals,” as Hampson explains it. He said items like names, addresses, and salaries are being posted as leverage to get the city to pay.
“They’re making the right decision by not paying,” Hampson said. “Paying the ransom only encourages this industry.”
It’s an industry Hampson said has attacked several other municipalities, including Atlanta and New Orleans.
“The problem with municipalities is they are on networks more vulnerable and they have people less adaptable to this kind of attack,” he said. ”They’re not as well funded as a private organization who might have a better budget and staff to understand this problem.” And it’s a problem Hampson said isn’t going away anytime soon because it is not difficult to execute.
The hack has been causing issues for the city for several weeks, including preventing the police from accessing records or filing new reports. Knoxville Police has since said they were able to return to functioning as normal.
Hampson provided tips for anyone at home to avoid a hack.
- Do not re-use the same password for different websites, banking, shopping, or work.
- Consider disabling your credit if you’re not about to make a big purchase (like a house or car).
- “Don’t let your guard down.” Hampson said it’s tempting to click ‘sensationalized’ items in your email or on your Facebook feed.
- Consider anti-ransomware software, but be sure to always have your personal files backed up.
Copyright 2020 WVLT. All rights reserved.