The malware virus attack happened Friday (3/6) evening after an attachment was opened that contained the virus. The virus infected up to 1,000 computers connected to the City network before the network was shut down by Technology Solutions. That is why it is very important for employees not to click on any attachment or link sent by a stranger or unknown source. Durham City and County are not unique in attacks such as this, as numerous ransomware attacks have happened in cities throughout the nation. Fortunately, the City of Durham was prepared for a situation such as this and had backed up much of the City’s data.
Due to the type of virus used, technology professionals have assured the City that neither employee nor resident data or information was compromised.
Recovering all City systems, including some specific departmental applications, should take four to five weeks. Major core business systems, such as MUNIS, CityWorks and OnBase, are currently restored and operational. These programs/systems will be available on workstations at various sites or when employees receive their re-imaged laptops/computers.
K Drive, H Drive and OneDrive data are intact and should be up by the first of next week. The last system backup for OneDrive is from Thursday, March 5, and the backups for the K and H drives were completed Friday, March 6, which was prior to the attack. So these drives will be restored to those points in time. All cloud storage is intact. Unfortunately, files saved on desktops are gone.
Wi-Fi and phones will only be turned on when all laptops and computers at a given site are clean and re-imaged. But employees can currently activate Wi-Fi hotspots on all City-issued mobile phones under Settings. These provide Wi-Fi access for mobile devices only. By the end of next week, we expect all sites to have phone service. Wi-Fi will be turned on when nearly all of the computers have been re-imaged.
All City employees need to reset their passwords. TS is monitoring this closely, so in order to reset your log-on password, you must visit Technology Solutions on the fourth floor of City Hall to sit briefly at a work station and have your password reset. See your supervisor for any specific information about visiting TS to reset your email password.
All employee desktop and laptop computers are being collected and re-imaged in priority order provided by Deputy City Managers. Until then, TS will be setting up at least two to three shared work stations for all department divisions. No definite timetable has been established for this so stay posted; hopefully this can occur soon.
Any laptop or computer that’s part of the City network is considered contaminated. This is true even for laptops and desktop computers that were powered off at the time of the attack and still appear functional. Additionally, any USB or storage device that has been used with a City computer over the past several months is considered contaminated. This is because it’s not known how long the malware was present in the system prior to Friday’s attack. We can assume it was a latent presence in the system for a long time. Do not plug anything into a City computer that has not been cleaned and re-imaged. USBs will be collected and, as time allows, will be scanned with information downloaded onto approved devices.
Any non-Windows device is not affected. Other personal equipment may have been exposed if USB or similar storage devices used with City work stations or laptops were plugged into computers at home.
The McAfee Security software previously used by the City failed to detect the presence of this virus. The City has now switched to a new anti-malware software that will detect and eradicate the type of malware that was used.
Here is some recommended verbiage to include in your email auto-response addressing the malware attack:
“Due to a recent cyber malware attack on the City of Durham’s networks, many City departments are operating in a limited capacity while systems and employee workstations are restored in the coming days and weeks. Please note that some delays in employee responses should be expected as email accounts and phone systems are restored throughout the organization. For the latest information on our recovery efforts, please visit https://DurhamNC.gov or follow @CityofDurhamNC on Facebook, Twitter, and Instagram. Thank you in advance for your patience as we navigate this situation and return to normal operations.”