NewsLocal News


Story behind the ransomware attack on the City of Tulsa

PHOTO: Mayor Bynum talks to 2 News Oklahoma
Posted at 9:00 PM, Jul 22, 2021
and last updated 2021-07-24 00:25:59-04

TULSA, Okla. — The City of Tulsa’s recovery from May’s ransomware attack is a slow process, but the city had systems in place that detected the attack when it started so the city could respond quickly.

It’s been a challenging few years for Mayor GT Bynum.

“We are just past two years ago where we were dealing with a historic flood and getting hit by two rounds of tornadoes during that flood. Since that time, we have had a global pandemic hit Tulsa, and a national recession hit Tulsa. We got hit with a polar vortex this winter and now a cyber-attack,” says Bynum.

That cyber-attack wreaked havoc on city systems.

“This is not some guy sitting in his parent’s basement that just happened to hit the jackpot and got through our systems,” said Bynum.

Bynum told 2 News Oklahoma when the attacker contacted the city; the IT department found its message on the city server along with its malware.

“This was very businesslike. It was... ’we have compromised your server, contact us on the dark web at this address so we can negotiate terms for you to pay a ransom. If you don’t believe we have hacked your server, here is a link to some images that you can go to and see,’” he said.

Bynum remembers getting the call.

“It was a Saturday, I believe if I remember correctly, and they gave me a call to let me know, and they immediately brought in teams from Microsoft and the FBI to help with the response,” he said.

Bynum said cyber attackers commonly target the weekend.

“What they like to do is they wait until people have gone home for the weekend, and then they initiate the attack when people won’t be at their computers and notice it happening,” he said.

The city had systems in place to detect this type of cyber-attack and a warning went off, alerting the IT teams, and they immediately started shutting everything down.

“It even deleted stuff off my calendar, so I missed meetings I didn’t know about,” he said.

The ransomware attack had a significant impact on certain city services and Tulsans wanting to get police reports, pay utility bills, or have utilities connected like Jenny Voss.

She and her partner recently moved to midtown.

“I called the City of Tulsa a few days before we were moving and let them know we were moving and the date and everything, and she told me their systems were down but that she would have to put it in manually,” said Voss.

Moving day arrived, and they discovered they had no water at the new house.

“So, when we moved in, water is kind of a necessity, and so we couldn’t clean the house or do anything,” she said.

They took matters into their own hands, found the water key, and figured out how to turn it on themselves.

“I was so confused when we didn’t have water because I thought, I called them, and I know I talked to them, and then I heard about that, so I’m sure that is what effected it,” said Voss.

Bynum said the city’s IT teams are working 24 hours a day, seven days a week at times to try and get all of the systems back up and running.

“That was job number one for us, and that required a lot of overtime for our IT department and our vendors to make sure they had those systems back up and in place so that the police, fire and EMSA, and others had what they needed to be able to respond quickly,” he said.

This hack isn’t isolated.

“We get hit with about 60-thousand attempts to hack our servers every day, and so having strong systems in place is so important to prevent those attempted hacks,” said Bynum.

Bynum said they know who is responsible for the ransomware attack, but the Department of Justice asked them not to talk about it because of its ongoing investigation. 2 News Oklahoma learned so far; the city spent just over $300,000 on its response. Most of that is on personnel and vendor costs. If Bynum agreed to pay the ransom, he said it would have been much higher.

He hopes to have all systems back up and running by September.

For Tulsans concerned their information was leaked on the dark web during the attack, the city has established a Look-Up Tool on its website.

WATCH the interview with Mayor Bynum on 2 News Oklahoma Friday at 10p.

Trending Stories:

Stay in touch with us anytime, anywhere --