Tulsa Mayor GT Bynum said nearly all of Oklahoma City’s computer systems remained offline Thursday as it slowly recovered from a ransomware attack on its network two weeks earlier.
Michael Dellinger, chief information officer for Oklahoma’s second-largest city, added that it may take a month to restore some of the less critical systems that are currently offline.
The update from Tulsa officials came during a press conference held to discuss the ransomware attack, which Dellinger said was similar to the one that recently forced the closure of the Colonial Pipeline.
Ransomware, a type of malicious software, generally renders an infected computer inoperable. Victims are then asked to pay a ransom to regain access, often in the form of hard-to-trace cryptocurrencies.
Bynum said Tulsa previously invested in cybersecurity infrastructure that allowed the city to detect and isolate the attack before it could escalate to the point of requesting a specific ransom.
“Their initial threat was to seek a ransom or that they would announce that our servers had been hacked,” said Bynum, a Republican serving his second term as mayor of Tulsa.
“We didn’t make any contact with them and we did their job for them by announcing it on our own,” Bynum said. “And we are not going to pay any ransom.”
Despite the failure of cyber-extortionists to seize Tulsa’s systems, public services were generally disrupted because the city had to disconnect and inspect every node on its network.
“Every system in the city is being scanned for damage because an attack like this can spread rapidly,” Dellinger said. “So we’re testing every system, every server, every computer, every endpoint, to make sure we have a clean network before we bring it back online.”
When asked by a reporter how computer disruption affects the cameras used by Tulsa police officers, Bynum said nearly all of the city’s systems have been offline for two weeks since the attack was detected.
“All of our computer systems, with a few exceptions, are down right now,” Bynum said. “So the body cameras are still working, but the challenge with them is that we have had to change the way we upload the data from them.”
Mr. Dellinger said he expects several critical systems needed by the city to be back online in the coming days, but added that some systems can take weeks to “up to a month” to fully restore.
“At this time there is no evidence of any data breach where the data has left our network,” he added.
Bynum said federal authorities have identified the attacker and are investigating the incident. The FBI did not immediately respond to a request for comment.
Tulsa learned of the ransomware attack on May 6, the mayor told reporters. Colonial Pipeline, one of the largest fuel pipelines in the United States, said it learned it was attacked on May 7.
The attack on the pipeline was followed by fuel shortages along the east coast, where the pipeline ships feed, and prompted urgent reactions from various state and federal agencies.
Colonial Pipeline CEO Joseph Blount confirmed this week that he authorized a ransom payment worth about $ 4.5 million that was requested from his company after it became infected with ransomware.
The FBI advises victims not to pay ransomware attackers.
