The city of Knoxville, Tennessee, shut down its IT network today following a ransomware attack, CBS affiliate WVLT reported.
The attack took place last night, between June 10 and June 11. The city's IT department did not detect the intrusion until it was too late and the ransomware had already encrypted multiple systems.
Responding to the attack, IT staff shut down impacted servers and workstations and disconnected the city's network from the internet. This resulted in downtime for the city's internal IT network, its public website, and the network of the city's court.
Emergency services managed by the city, such as police, the fire department, and 911 hotlines, were not impacted, as they ran on separate systems. The network of Knox County, which shares some IT systems with the city of Knoxville, was not impacted, the county said today on Twitter.
Knoxville city employees arriving at work this morning were greeted by an email that disclosed the ransomware attack and told them not to log into their computers, WVLT reported.
City officials said they're currently looking at an email opened by one of the city's employees as the initial entry point for the ransomware, local news site Knox News reported. However, this is merely a theory, and a more thorough investigation is currently underway, with city officials receiving help from the local FBI office.
The name of the ransomware type/group that infected the city's network is currently unknown. Recently, most major ransomware operations have also begun stealing data from infected networks, and then leaking or selling it online.
Knoxville, which is currently the 134th biggest city in the US based on population size, is just the latest in a long list of US cities that have suffered a ransomware attack.
While most ransomware attacks hit smaller cities, ransomware gangs also hit the jackpot once in a while and infect the network of a larger city, such as Atlanta, Baltimore, Denver, New Orleans -- and now, Knoxville.