Show All Answers
The malware virus attack happened Friday (3/6) evening after an attachment was opened that contained the virus. The virus infected up to 1,000 computers connected to the City network before the network was shutdown by Technology Solutions. That is why it is very important for employees not to click on any attachment or link sent by a stranger or unknown source. Durham City and County are not unique in attacks such as this, as numerous malware attacks have happened in cities throughout the nation. Fortunately, the City of Durham was prepared for a situation such as this one and had backed up much of the City’s data.
Due to the type of virus used, technology professionals have assured the City that neither employee nor resident data or information was compromised.
Recovering all City systems, including some specific departmental applications, is still in progress. However, most major systems and network drives are back online. For more details, please visit our Work from Home page.
K Drive, H Drive, and One Drive data are intact and up and running. The last systems backup for the OneDrive was Thursday, March 5, and the backups for the K and H drives were completed Friday, March 6, which was prior to the attack. These drives were restored to those points in time. All cloud storage is intact. Unfortunately, files saved on desktops are gone.
Phone service has been back in all City facilities since March, and Wi-Fi has been turned on in all City facilities as of May 11. Employees can also activate Wi-Fi hotspots on all City-issued mobile phones under Settings. These provide Wi-Fi access for mobile devices only.
Please contact TS if you still need your email restored. The TS Service Desk can be reached by email at SupportDesk@DurhamNC.gov or by phone at 919-560-4122, Option 1.
Please contact TS if you still need your workstation/laptop re-imaged. The TS Service Desk can be reached by email at SupportDesk@DurhamNC.gov or by phone at 919-560-4122, Option 1.
Any laptop or computer that’s part of the City network and has not been re-imaged is considered contaminated. This is true even for laptops and desktop computers that were powered off at the time of the attack and still appear functional. Additionally, any USB or storage device that has been used with a City computer over the past several months is considered contaminated. This is because it’s not known how long the malware was present in the system prior to March’s attack. We can assume it was a latent presence in the system for a long time. Do not plug anything into a City computer that has not been cleaned and re-imaged. USBs will be collected and, as time allows, will be scanned with information downloaded onto approved devices.
Any non-Windows device is not affected. Other personal equipment may have been exposed if USB or similar storage devices used with City work stations or laptops were plugged into computers at home.
The McAfee Security software previously used by the City failed to detect the presence of this virus. The City has now switched to a new anti-malware software that will detect and eradicate the type of malware that was used.
Here is some recommended verbiage to include in your email auto-response addressing the malware attack:
“Due to a recent cyber malware attack on the City of Durham’s networks, many City departments are operating in a limited capacity while systems and employee workstations are restored in the coming days and weeks. Please note that some delays in employee responses should be expected as email accounts and phone systems are restored throughout the organization. For the latest information on our recovery efforts, please visit https://DurhamNC.gov or follow @CityofDurhamNC on Facebook, Twitter, and Instagram. Thank you in advance for your patience as we navigate this situation and return to normal operations.”