Tulsa Shuts Down Systems Due to Double-tap Ransomware


The City of Tulsa, Oklahoma, is being hit by a double-tap ransomware attack. And in a pre-emptive move is shutting down systems including all its online services. A press release on Facebook  from IT services explains that “Due to a recent ransomware attack, the City of Tulsa is experiencing technical difficulties on various outward-facing programs that help City employees serve the citizens of Tulsa.”

“Out of an abundance of caution, the City shut down various servers, internal programs, and the City’s email system. Individuals trying to reach City employees will not be able to reach them via City email at this time,” the statement says.

There were few details given. The city claims no customer information has been compromised. And emergency services including 911 are not affected. Tulsa is implementing various manual processes, as an interim measure.

Signup for the USA Herald exclusive Newsletter

Tulsa’s websites were still mostly offline as of Monday night. A message on the main page claims they are “currently down for maintenance.”

Double-tap ransomware targets municipalities

There has been a dramatic increase in ransomware attacks targeting cities, states, and local governments worldwide. In late April a similar attack was waged against the British Columbia, Canada Resort Municipality of Whistler. And the ransomware attack was the cause of the suspension of most of its services.

The Whistler attack and the Tulsa attack are believed to be double-tap ransomware hacks. This means that, in both cases, files are immediately encrypted and then data is stolen.

Although Tulsa claims no customer information has been breached, if true, that would be surprising. The point of a ransomware attack is to hold private data for ransom.

“Ransomware continues to be a prolific threat to our local, state, and federal governments, as well as essential critical infrastructure like we have seen with the recent Colonial Pipeline attack,” says James Carder, the chief security officer at security intelligence company LogRhythm Inc. and vice president of the LogRhythm Lab.

 “Unfortunately, governments will continue to be sought-after targets for hackers because of the public nature and significant impact, the plethora of rich information that can be leveraged, and the often-inferior defenses that allow easy exploitation,” Carder adds.

Government entities now understand that there is an increasing possibility of ransomware attacks. And they should take steps to prevent them, Carder pointed out. “The attacks we have seen over the last 72 hours are a marked escalation to what was an already major threat,” he said.