City of Tulsa Struck by Ransomware Attack

Tulsa, Oklahoma, is reportedly the latest in a long line of American cities to have fallen victim to a ransomware attack.

The attack, which occurred on Friday evening, caused the city’s IT security teams to shut down many of Tulsa’s internal systems “out of an abundance of caution” while they worked around the clock over the weekend in an attempt to restore operations from backups.

At the time of writing, the City of Tulsa’s official website remains inaccessible.

Few details have been shared about the nature of the ransomware attack, although speaking to the press a Tulsa spokesperson said that no employee information had been compromised by the hackers, and that 911 and emergency response teams continue to operate normally.

Tulsa residents using the city’s 311 local information service have been told to expect a longer wait time than normal due to high call volume.

There is no word on what ransom demand the criminals might have made, or whether the city of Tulsa is considering paying its extortionists or not.

There are, of course, difficult questions for cities and government departments to consider when deciding how to respond to a ransomware attack.

An obvious danger of paying a ransom demand is that you are encouraging other extortionists to launch similar attacks. If you publicly declare you are prepared to pay a ransom, that does nothing to discourage others from targeting you in the future.

Furthermore, a strong message is sent out to other criminals that ransomware extortion is an effective way to generate income – putting everyone on the internet at an increased risk of attack.

However, if ransoms are not paid the victim – whether it be a local government or corporation – may find themselves unable to bring systems back online in a timely fashion, and incur further financial and reputational damage.

In mid-2019, the United States Conference of Mayors (USCM) passed a resolution agreeing to oppose the paying of ransomware extortion demands.

Despite this, a number of cities have continued to choose to pay ransoms to cybercriminals, calculating that the cost will be less than that which they might incur attempting to recover systems on their own.

With luck, the City of Tulsa will recover from its ransomware attack in good time, and it’s possible that only a small fraction of computing systems were up and running at the time of the attack on Friday evening, perhaps limiting the scale of its impact.

Whatever happens, one hopes that lessons will be learned about how to harden systems to reduce the chances of a future (and possibly more damaging) attack succeeding.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.