City Of Tulsa Hit By Ransomware, Not Paying The "Terrorists"

City Of Tulsa Hit By Ransomware, Not Paying The “Terrorists”

Ransomware attackers hit another US city. The city of Tulsa, Oklahoma, with a population of 766,000, is a new public sector victim. 

“All of our computer systems – with a few exceptions – are down right now,” Michael Derringer, the city’s CIO, said at the press conference.

The city has started recovery processes vowing to not engage with the attackers:

“We’re not going to pay any ransom,” Tulsa Mayor G.T. Bynum said at a press conference. “Know that your tax dollars are not going to go into the hands of criminals.”

The city first announced the attack via its Facebook page. Since then, restoration work has been in full swing. The attack didn’t impact emergency services. Police and fire services remain fully functional. But multiple IT systems have been disrupted. The police, for example, can’t offload data from their body cameras since Wi-Fi is down. City residents can’t pay bills, such as their water bills, but the city has postponed any due payments until five days after billing systems are restored.

In the meantime, the city’s mayor said they are not going to “pay a nickel” to attackers. 

“We have strong systems in place here at the city of Tulsa, and we have no inclination to negotiate with cyber terrorists,” he said. “We’re not embarrassed to publicly say when we’ve been a victim, and you’re not going to get hush money from us for that, and we’re not going to pay to get our systems restored more quickly, when we can go through and do it ourselves.”

Tulsa joined other U.S. cities like Atlanta, Baltimore, New Orleans and others that have been attacked by ransomware gangs using locking malware and demanding ransoms. 

Tulsa officials did not name the ransomware operation that hit the city and never communicated with the attackers. 

“They wanted to talk with us about what it would be for them not to announce it, and we never engaged them,” Bynum told reporters on Thursday. “We just announced it ourselves.”

Although, it seems fitting to “name and shame” the gang since they’ve failed at their extortion attempt.

Investigators believe attackers did not manage to steal any data. 

“At this time, there’s no evidence of any data breach, where data has left our network,” Derringer said.

The city involved federal law enforcement agencies to assist with the restoration and investigation. IT staff are working 12-hour shifts, around the clock, to get systems running again.

“While some systems may take weeks to restore, mission-critical systems are a priority,” Derringer said.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.