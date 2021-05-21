Law enforcement officials have identified the source of the recent ransomware attack on the city but are not releasing the information at this time, Mayor G.T. Bynum said Thursday.
“Thanks to some really, I think, outstanding work by federal law enforcement personnel, we know who did this,” Bynum said. “They are under federal investigation, so I can’t say who they are now.”
City officials have said previously that the cyber attack likely occurred April 21, and that the malware lay dormant for some time before it was detected May 6. The city immediately shut down its computer system.
“Every system in the city is being scanned for damage because an attack like this can spread quickly,” said Chief Information Officer Michael Dellinger. “So we are testing every system, every server, every computer, every end point to ensure that we have a clean network.”
The exact entry point of the breach has not been identified and continues to be under investigation, officials said.
Dellinger said some systems could be up within a couple of weeks but that it could be a month before the city’s entire computer system is restored.
“At this time there is no evidence of any data breach, or data have left our network,” Dellinger said.
The Police Department on Thursday announced that its online records management and body camera systems are temporarily down following damage assessments made by the city’s Information Technology team.
In a statement, the department said the city is working diligently to restore the systems, which store and process in-car and body-worn camera data.
“In the interim, Tulsa Police personnel may not be wearing body cameras or operating their in-car camera system through this period of restoration,” the statement read in part. “Body cameras, including the records management system, are top priorities for restoration as both systems work hand in hand to provide transparency for both citizens and police officers.”
Speaking during an afternoon press conference, Bynum clarified the situation, saying the cameras still work but that uploading data off them has become a problem because the city’s Wi-Fi system is down.
“The IT department is working with TPD to upload all of the data off of those cameras, just utilizing different processes, and get them back in the field,” Bynum said. “Our goal is to have them back to being fully deployed here in the next seven to 10 days.”
Bynum assured Tulsans that police and firefighters continue to do their work in the field, but not as quickly as they would like.
“First responders in Tulsa were responding to emergencies long before computers were widely used,” he said.
City officials last week did not rule out the possibility that the cyber attack could be associated with the malware that shut down Colonial Pipeline’s major fuel pipeline in the southeast U.S.
Colonial reportedly paid $4.4 million to the hackers who infiltrated its system, according to the Associated Press, citing a Wall Street Journal report.
The cyber attackers initially told the city of Tulsa to contact them about a ransom payment or they would go public with the hack, Bynum said.
Instead, the city never got back to them and announced the attack itself.
“We are not going to pay any ransom,” Bynum said. “The tradeoff of not rewarding victimization is it takes time to go through all of our systems and make sure they are clean before they are restored.”
Bynum said the easiest way to reach the city is by calling 3-1-1 or to go to the city’s website at cityofTulsa.org.
He also reminded Tulsans that water service will not be turned off because a customer cannot make his or her automatic payment.
The Tulsa Metropolitan Utility Authority recently passed a resolution stating that there would not be any water cut-offs until five days after electronic payment capacity is restored, Bynum said.