Tulsa Mayor G.T. Bynum said nearly all of the Oklahoma city’s computer systems remained offline Thursday as it slowly recovers from a ransomware attack waged against its network two weeks earlier.
Michael Dellinger, the chief information officer for Oklahoma’s second-largest city, added it may take a month to restore some of the less critical systems currently offline.
The update from Tulsa officials came during a news conference held to discuss the ransomware attack, which Mr. Dellinger said was similar to the one that recently forced the shutdown of the Colonial Pipeline.
Ransomware, a type of malicious software, usually renders an infected computer inoperable. Victims are then asked to pay a ransom to regain access, often in the form of hard-to-trace cryptocurrency.
Mr. Bynum said Tulsa previously invested in cybersecurity infrastructure that allowed the city to detect and isolate the attack before it could escalate to the point of a specific ransom being requested.
“Their initial threat was seeking ransom or that they would announce that they had hacked our servers,” said Mr. Bynum, a Republican serving his second term as the mayor of Tulsa.
“We made no contact with them whatsoever and did their job for them by announcing it on our own,” Mr. Bynum said. “And we’re not going to pay any ransom.”
Despite cyber-extortionists failing to seize Tulsa‘s systems, public services across the board were disrupted because the city had to disconnect and inspect each node in its network.
“Every system in the city is being scanned for damage because an attack like this can spread quickly,” Mr. Dellinger said. “So we are testing every system, every server, every computer, every endpoint, to ensure that we have a clean network before we bring it back online.”
Asked by a reporter about how the computer outage affects the cameras worn by Tulsa police officers, Mr. Bynum said nearly every system in the city remains offline two weeks since the attack was detected.
“All of our computer systems with a few exceptions are down right now,” Mr. Bynum said. “So the body cameras still work, but the challenge with them is we’ve had to change the way we upload the data off of them.”
Mr. Dellinger said he expects several critical systems needed by the city will return online in the coming days, but he added some systems may take weeks to “up to a month” to fully restore.
“At this time there’s no evidence of any data breach where data has left our network,” he added.
Mr. Bynum said federal authorities have identified the attacker and are investigating the incident. The FBI did not immediately respond to a request for comment.
Tulsa became aware of the ransomware attack on May 6, the mayor told reporters. Colonial Pipeline, one of the largest fuel pipelines in the U.S., said it learned it was attacked on May 7.
The pipeline attack was followed by fuel shortages along the East Coast, where the pipeline ships fuel, and triggered urgent reactions from a number of state and federal agencies.
Colonial Pipeline CEO Joseph Blount confirmed this week that he authorized a ransom payment worth about $4.5 million that was requested from his company after it became infected with ransomware.
The FBI advises victims against paying ransomware attackers.