Officials at Tulsa City Hall gave an update yesterday on May 6th's ransomware attack that took down city systems.
Michael Dellinger, Chief Information Officer, spoke first at the press conference and recapped what happened. He said on May 6th he received notice that city servers were communicating with a known threat site. Internal and external teams were gathered, and servers were disconnected.
City departments were advised to switch to manual operations as defined in their operating plans.
Dellinger said there is no definite time frame for when systems will be back online.
"While we can't give definitive time lines, we expect several critical systems to come back online in the coming days. While some systems may take weeks to restore, mission critical online systems are a priority," said Dellinger.
Dellinger said the city has 64 priority systems with multiple servers.
Mayor GT Bynum spoke next. He said the attackers have been identified.
"We know who did this," Bynum said. "They are under federal investigation. I can't say who they are, but it is reassuring to know who did this to the citizens of Tulsa."
Bynum said the attackers sent a message demanding an unspecified ransom or else they would announce they had hacked Tulsa's systems. No contact was made, Bynum said.
"We're not gonna pay any ransom," Bynum said. "The trade-off of that it takes time to go through our systems and make sure they're clean."
In many instances, organizations will pay ransoms because it's cheaper than recovering systems. Bynum emphasized the city will not negotiate with cyberterrorists.
"We want to send a strong message that the city of Tulsa is not sitting here waiting for you to hack us so we can pay you money," said Bynum.
In 2018, the city of Atlanta experienced a cyberattack. The ransom demand was $50,000, which the city did not pay and may have not had an opportunity to pay since the hackers took the payment portal offline. Bynum cited this situation as a wake-up call.
"That's when Michael and I started talking about how to make sure that doesn't happen to us," Bynum said.
The cost of restoring Atlanta's systems was over $2 million, though some experts say with this investment Atlanta was put in a better position to fend off future cyberattacks. The cost to Tulsa isn't yet known.
Bynum stressed the need to continue to invest in cybersecurity.
"We're in a position to not pay the ransom because of our investments. Those investments were good enough to save us this time, but they might not be in the future," said Bynum.
Police body cameras are not in use because of the attack. In a phone call after the conference, Captain Richard Meulenberg said cameras do work but since there is no way for officers to offload data via city WiFi, they are not in operation.
Meulenberg said he hopes the cameras will be running again by the time of Tulsa Race Massacre Centennial events.
When asked about a backup plan should WiFi not be restored, Meulenberg said in his twenty-five year career he hasn't experienced anything like the ransomware attack, and no plan is yet in place.