KNOXVILLE, Tenn. — The City of Knoxville said it's paid $236,718 so far to clean up a ransomware attack that held much of the city's technology hostage this summer.
Attackers broke into the city's networks on June 11 in a ransomware attack, holding computer systems hostage in exchange for money. They demanded around $393,137 in Bitcoin, a kind of virtual currency with a rapidly fluctuating value.
Officials initially said that it appeared employee files had not been compromised in the attack, but hackers later posted internal city records on darknet forums.
After the attack, the city hired cyber specialists and management support services. Officials hired Mullen Coughlin, a law firm, as well as specialists from CrowdStrike Services Inc. Coughlin's hourly rates included $380 for a partner, $320 for an associate and $140 for a paralegal's services.
Invoices provided to 10News show the city paid those lawyers and specialists $239,718 so far to recover from the attack, about $100,000 less than the ransom the attackers demanded.
Officials sent a notification letter to people impacted by the attack, officials said. The attacker appeared to be from a group using the name, "DoppelPaymer," according to a threat analyst for an online security firm, Brent Callow.
Knoxville was at least the fourth U.S. city to have its data stolen by the group, Callow also said during an earlier interview. Other cities that were affected by cyberattacks include Pensacola, Fla., Torrance, Calif. and Florence, Ala.