Over the past two weeks, the City of Knoxville has worked diligently to recover information technology systems impacted by the malware event.


Fortunately, the City’s Information Systems Department (IS) responded quickly to identify and contain the risk and to secure technical specialists experienced in cyber recovery services.


Cybersecurity law firm Mullen Coughlin as well as cybersecurity investigation and mitigation company CrowdStrike are among those assisting in the investigation.


At this time, the City does not anticipate it will pay the ransom, requested in Bitcoin, to the threat actor. This decision is based on a number of factors, including the team-focused technical approach, redundant and diversified IT systems, and quality data backups.


The response team has focused the past two weeks on recovering core system functionality and will now transition to completing repairs of remaining City desktop workstations. The goal is to have all employee PCs up and running within the next seven to 10 days.


Typical recovery times for malware attacks range from two to six weeks. In some instances, recovery from these events takes much longer.


It is important to note that throughout the malware event the City of Knoxville has continued to be “open for business.”  Although some inconveniences and disruptions occurred, City employees have worked creatively and effectively to meet the needs of residents, visitors, and the business community.


The forensic analysis and investigation is still ongoing so information on this event is subject to change.