The city of Tusla, Oklahoma, has undergone a ransomware infection that has forced the city to take critical services offline to protect them from the spreading virus. The attack occurred last weekend when hackers deployed a ransomware attack on the city’s network which led to a disruption of services and the decision to take further services offline. “We identified malware on our servers, and as soon as we did that, in an abundance of caution, we shut all of our systems down.” Tulsa Mayor GT Bynum told local media KRMG in an interview. The incident did not affect 911 services, and many employees are back to work.
However, the shutdown is affecting the day-to-day lives of Tusla citizens still, days later. Residents are unable to access the online bill payment system to pay their utility bills. Animal welfare, park services, and development services are also offline. The Tusla City Fire Service is using temporary numbers during the outage. Websites for the City of Tulsa, the Tulsa City Council, Tulsa Police, and the Tulsa 311 websites are also down for maintenance.
The phone systems are currently up and running, which is currently the only way to conduct business with the City.
In a Facebook post, the police department stated that customer information was not compromised. This statement is uncertain – The majority of ransomware operations steal data before deploying the malware, so some data may have been compromised.
“The City of Tulsa is experiencing technical difficulties on many outward facing programs that help serve the citizens of Tulsa due to a ransomware attack. No customer information has been comprised, but residents will not be able to access City websites and there will be delays in network services,” says a post to the Tulsa Police Department’s Facebook page.
To help combat the increasing threat of ransomware, a Ransomware Task Force has been created to analyze the problem and provide recommended solutions to lawmakers.
These solutions range from mandatory disclosure of ransom payments to an internationally coordinated effort to help organizations prevent and respond to ransomware attacks.
Ransomware Attacks On Infrastructure & Cities
Attacks on critical infrastructure have also become a significant concern in light of last week’s cyberattack on the largest US fuel pipeline by the DarkSide ransomware gang. However, Tusla has become yet another city that has been targeted by malware.
“It’s apparently the city of Tulsa’s turn. Essentially, they’ve settled on a playbook that seems to work” Tyler Moore, Tandy Professor of Cyber Security at the University of Tulsa, said.
Moore said ransomware has been around for more than a decade and these attacks tend to come from Eastern Europe and Russia.
“When Bitcoin came along, they found an easy way to actually monetize that and target, you know, random cities in America,” Moore said.
Ransomware gangs scan thousands of computer networks at any given time, searching for vulnerabilities. The malware could spread by clicking on an email, but Moore said more often than not, attackers capitalize on a weakness.
“It’s actually kind of scary, but the victims are selected by their willingness to pay,” Moore said.
He said cities are targeted because many are insured. The list of attacks is growing from Baltimore to Atlanta, and even smaller towns like Okema a few months back. Victims have a decision to make: to pay or not to pay. Something that would’ve cost thousands four or five years ago, may cost hundreds of thousands today. Moore said most of the time it’s paid, especially if the data is super sensitive.
“That just encourages the gangs to go target the next group,” Moore said.
Moore said the problem is preventable.
“Invest in cyber hygiene, ensure that software’s up to date, you have adequate backups, that your backups are kept offline,” Moore said.
Moore said it’s an encouraging sign the City of Tulsa took several computer systems offline, suggesting those systems have not been directly impacted by the ransomware.
Protection
Attacks like these are preventable, as Moore stated. Reactive tools act when it is far too late, which is why the key to prevention is using proactive tools. One of these tools is SaferNet.
SaferNet is the perfect solution to the cybersecurity issues that individuals, families, and businesses face today. It not only connects every device using a secure, 24/7 always on, military grade VPN, but it also stops outside cyberthreats, malware and viruses as well. On SaferNet, all users are protected anywhere in the world, all the time, on any cellular or Wi-Fi network. In addition to SaferNet’s VPN and cyber protection, it also offers a range of employee or parental/family internet controls including internet filtering, monitoring, scheduling, and blocking access to websites or even entire website categories
Typically, a business or family would need 3 separate services for a VPN, Malware Protection, and Internet Controls; SaferNet offers all 3 features in one service. SaferNet truly is an endpoint security presence that can be implemented in minutes around the world, on phones, laptops, tablets, and computers at an economical price point that caters to all sizes of businesses and families. SaferNet guarantees a smooth setup and installation process that takes only minutes, and an easily accessible control hub for you to monitor all your employee’s or family members devices; including activity, time spent online, and threats blocked.