Show All Answers

1. How did the malware attack happen?

The malware virus attack happened Friday (3/6) evening after an attachment was opened that contained the virus.  The virus infected up to 1,000 computers connected to the City network, before the network was shutdown by Technology Solutions.  That is why is it very important for employees not to click on any attachment or link sent by a stranger or unknown source.  Durham City and County are not unique in attacks such as this, as numerous ransomware attacks have happened in cities throughout the nation. Fortunately, the City of Durham was prepared for a situation such as and and had backed up much of the City’s data. 

2. Was any personal information hacked?

 Due to the type of virus used, technology professionals have assured the City that neither employee nor resident data or information was compromised. 

3. How long will it take to recover?

Recovering all city system, including some specific departmental applications should four to five weeks.  Major core business systems, such as MUNIS, CityWorks and OnBase, are currently restored and operational. These programs/systems will be available on workstations at various sites or when employees receive their re-imaged laptops/computers.

4. Is all of my work lost?

K Drive, H Drive and One Drive data are intact and should be up by the first of next week. The last systems backup for the One-Drive is for Thursday, March 5; and the backups for the K and H drives were completed Friday, March 6^{th ,} which was prior to the attack.  So these drives will be restored to those points in time. All cloud storage is intact. Unfortunately, files saved on desktops are gone.

5. When will Wi-Fi and phone service come back?

Wi-Fi and phones will only be turned on when all laptop and computers at a given site are clean and re-imaged. But employees can currently activate Wi-Fi hotspots on all City-issued mobile phones under Settings. These provide Wi-Fi access for mobile devices only. By the end of next week, we expect all sites to have phone service. Wi-Fi will be turned on when nearly all of the computers have been re-imaged.

6. How can I get back into my email?

 All City employees need to reset their passwords. TS is monitoring this closely, so in order to reset your log-on password, you must visit Technology Solutions on the fourth floor of City Hall to sit briefly at a work station and have your password reset. See your supervisor for any specific information about visiting TS to reset your email password.

7. How can I get my laptop and workstation functioning again?

All employee desktop and laptop computers are being collected and re-imaged in priority order provided by Deputy City Managers. Until then, TS will be setting up at least two to three shared work stations for all department divisions. No definite timetable has been established for this so stay posted; hopefully this can occur soon.

8. What about cross-contamination with other devices?

Any laptop or computer that’s part of the City network is considered contaminated. This is true even for laptops and desktop computers that were powered off at the time of the attack and still appear functional. Additionally, any USB or storage device that has been used with a City computer over the past several months is considered contaminated. This is because it’s not known how long the malware was present in the system prior to Friday’s attack. We can assume it was a latent presence in the system for a long time. Do not plug anything into a City computer that has not been cleaned and re-imaged. USBs will be collected and, as time allows, will be scanned with information downloaded onto approved devices.  

9. What about my Surface Pro, iPad or other devices?

Any non-Windows device is not affected. Other personal equipment may have been exposed if USB or similar storage devices used with City work stations or laptops were plugged into computers at home.

10. What are you doing to make sure this doesn’t happen again?

The McAfee Security software previously used by the City failed to detect the presence of this virus. The City has now switched to a new anti-malware software that will detect and eradicate the type of malware that was used. 

11. Should I add a note on my e-mail signature to inform others of our current situation?

Here is some recommended verbiage to include in your email auto-response addressing the malware attack: 

“Due to a recent cyber malware attack on the City of Durham’s networks, many City departments are operating in a limited capacity while systems and employee workstations are restored in the coming days and weeks. Please note that some delays in employee responses should be expected as email accounts and phone systems are restored throughout the organization. For the latest information on our recovery efforts, please visit ‪https://DurhamNC.gov‬ or follow @CityofDurhamNC on Facebook, Twitter, and Instagram. Thank you in advance for your patience as we navigate this situation and return to normal operations.”