Show All Answers

1. How did the malware attack happen?

The malware virus attack happened Friday (3/6) evening after an attachment was opened that contained the virus. The virus infected up to 1,000 computers connected to the City network before the network was shutdown by Technology Solutions. That is why it is very important for employees not to click on any attachment or link sent by a stranger or unknown source. Durham City and County are not unique in attacks such as this, as numerous malware attacks have happened in cities throughout the nation. Fortunately, the City of Durham was prepared for a situation such as this one and had backed up much of the City’s data. 

2. Was any personal information hacked?

Due to the type of virus used, technology professionals have assured the City that neither employee nor resident data or information was compromised. 

3. How long will it take to recover?

Recovering all City systems, including some specific departmental applications, is still in progress. However, most major systems and network drives are back online. For more details, please visit our Work from Home page.

4. Is all of my work lost?

K Drive, H Drive, and One Drive data are intact and up and running. The last systems backup for the OneDrive was Thursday, March 5, and the backups for the K and H drives were completed Friday, March 6, which was prior to the attack. These drives were restored to those points in time. All cloud storage is intact. Unfortunately, files saved on desktops are gone.

5. When will Wi-Fi and phone service come back?

Phone service has been back in all City facilities since March, and Wi-Fi has been turned on in all City facilities as of May 11. Employees can also activate Wi-Fi hotspots on all City-issued mobile phones under Settings. These provide Wi-Fi access for mobile devices only.

6. How can I get back into my email?

Please contact TS if you still need your email restored. The TS Service Desk can be reached by email at SupportDesk@DurhamNC.gov or by phone at 919-560-4122, Option 1.

7. How can I get my laptop and workstation functioning again?

Please contact TS if you still need your workstation/laptop re-imaged. The TS Service Desk can be reached by email at SupportDesk@DurhamNC.gov or by phone at 919-560-4122, Option 1.

8. What about cross-contamination with other devices?

Any laptop or computer that’s part of the City network and has not been re-imaged is considered contaminated. This is true even for laptops and desktop computers that were powered off at the time of the attack and still appear functional. Additionally, any USB or storage device that has been used with a City computer over the past several months is considered contaminated. This is because it’s not known how long the malware was present in the system prior to March’s attack. We can assume it was a latent presence in the system for a long time. Do not plug anything into a City computer that has not been cleaned and re-imaged. USBs will be collected and, as time allows, will be scanned with information downloaded onto approved devices.  

9. What about my Surface Pro, iPad or other devices?

Any non-Windows device is not affected. Other personal equipment may have been exposed if USB or similar storage devices used with City work stations or laptops were plugged into computers at home.

10. What are you doing to make sure this doesn’t happen again?

The McAfee Security software previously used by the City failed to detect the presence of this virus. The City has now switched to a new anti-malware software that will detect and eradicate the type of malware that was used. 

11. Should I add a note on my e-mail signature to inform others of our current situation?

Here is some recommended verbiage to include in your email auto-response addressing the malware attack: 

“Due to a recent cyber malware attack on the City of Durham’s networks, many City departments are operating in a limited capacity while systems and employee workstations are restored in the coming days and weeks. Please note that some delays in employee responses should be expected as email accounts and phone systems are restored throughout the organization. For the latest information on our recovery efforts, please visit ‪https://DurhamNC.gov‬ or follow @CityofDurhamNC on Facebook, Twitter, and Instagram. Thank you in advance for your patience as we navigate this situation and return to normal operations.”