IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Ransomware Attack Disrupts Network in Knoxville, Tenn.

The city was forced to take its network offline as a means of containing the malware attack after it was discovered Thursday morning. Officials say the incident is being investigated by state and federal authorities.

Knoxville, Tenn._shutterstock_712415545
Shutterstock/CrackerClips Stock Media
Ransomware hackers attacked the city of Knoxville, Tenn., this week, forcing officials to take the city's network offline. 

The intrusion was discovered around 4 a.m. Thursday morning by personnel with the city's fire department, said Eric Vreeland, deputy director of communications for Knoxville. 

"Basically [the firefighters] got a big blue screen that said we'd been hacked," said Vreeland, explaining that after the malware was discovered, the city's whole computer network was shut down to contain it.

"We shut it down just to try to assess where the virus was, what was compromised," he said. The city's website was also temporarily unavailable but has since been brought back online. 

City officials have speculated that the malware was delivered through a phishing email. Hackers have asked for a bitcoin payment in exchange for the encryption key, said Vreeland. 

At this point, it doesn't look like any financial information or other important data has been affected by the attack, he said. It also doesn't appear that the attack affected the city's backup servers. The city's police department, the Tennessee Bureau of Investigation and the FBI are all assisting with investigation. 

The city hopes to have its network back up and running by the beginning of next week, said Vreeland and public safety systems were mostly functioning. "There's no dispatch issues or anything like that," he said.  

Scott Erland, public information officer for the Knoxville Police Department, said that the attack hadn't impaired the majority of the department's operations, but that police were currently limiting their response to certain traffic incidents due to their digital reporting system being affected. In most cases, motorists will have to contact their insurance provider for a crash report, he said. Cases with injuries or a blocked roadway are receiving responses. 

After a brief period when successful ransomware attacks on public agencies actually went down, attack rates may be headed back into an upswing. Knoxville is only the most recent of several successful attacks on public entities over the past month: the city of Florence, Ala., recently agreed to pay $300,000 to their attackers, public universities involved in COVID-19 research have become big targets, and the Texas judiciary and Department of Transportation were also both recent victims. 

Lucas Ropek is a former staff writer for Government Technology.