Over the weekend the city of Tulsa, Oklahoma suffered a ransomware attack, bringing several systems down including online bill payment systems and city email services. Fortunately, the attack did not affect 911 or emergency services. According to BleepingComputer, websites including the City of Tulsa, the Tulsa City Council, Tulsa Police, and the Tulsa 311 websites are also down. Tulsa is now one of many cities and municipalities affected by the devastating impact of ransomware. The United States will likely start looking inward to increase resources to help local governments deal with the growing problem of ransomware against public and private entities.
In the shadow of the ransomware attack against the Colonial Pipeline, ransomware has caught the American public’s attention in a way not seen previously. Whether it is dealing with the repercussions of the takedown of critical infrastructure or making paying utility bills difficult, the effects of ransomware can impact almost every aspect of life here in the US. The cost it has for the US will likely not go unanswered, and developments on how to deal with ransomware broadly will be seen in the months to come. In the meantime, local governments can take lessons from other incidents to prevent and prepare for recovery from ransomware attacks. Having a robust backup and restore capability is the foundation of a resilient IT administration program. It is also important to implement 24/7 monitoring of computer security events and respond to alarms in time to stop intrusions in the early stages. Quite often, all the signs of an attack in progress are available in the event logs, but if nobody is watching and interpreting the events, these important warnings don’t do any good to prevent disaster.