Honolulu’s main data officer advised town management this early morning Oahu Transit Expert services was “likely” compromised when anyone opened an e-mail, connection or attachment and introduced ransomware that is keeping TheBus, TheHandi-Van, Holo ride-card electronic expert services, web sites and apps offline, in accordance to an e-mail shared with the Honolulu Star-Advertiser.
“Hackers can compromise an account and use it to send contaminated messages. This is probably how the OTS system was compromised,” wrote Mark D. Wong, chief info officer and director of the city Department of Info Technological know-how in an e-mail sent this early morning to metropolis directors, deputy administrators, City Council members and staff, and DIT protection liaisons.
“At this time, no networks or programs operated by the Town and County of Honolulu are acknowledged to have been attacked or shut down by hackers,” he wrote.
In a further cyberattack, the 3rd-get together Kronos personnel timekeeping process made use of by the Honolulu Board of H2o Offer, the city’s Emergency Products and services Office and 1000’s of enterprises and businesses nationwide endured a ransomware assault that is envisioned to have an effect on the company’s operations for weeks.
Kronos is a cloud-primarily based process operated by a corporation in the United Kingdom.
Wong said explained town workforce using the Kronos technique log into that company’s website and no Kronos software program is operating on metropolis servers. The city can not are unable to shut down Kronos, but metropolis customers are not able to log in to the procedure right up until Kronos restores companies, he stated.
“It is probably that other Hawaii corporations like hospitals, retail outlets, and academic organizations are also utilizing Kronos,” Wong explained to metropolis leaders.
Wong also in depth how networks and devices working the Bus and Handi-Van computer software are managed by Oahu Transit Solutions that use networks independent from the the city’s.
The fare collection procedure and HOLO card exchanges info with the OTS techniques but people programs are physically individual and found in city data centers in their own isolated in network.
“There have been no indications that HOLO has been hacked, but servers have disconnected from the Web until eventually the OTS products and services are restored,” Wong wrote. “While the metropolis systems and networks look to be risk-free at this time, we need to be hyper-vigilant in the course of what seems like a siege on authorities and infrastructure programs.”
He urged office heads and all town staff to be particularly careful about opening any attachment or website link despatched in an electronic mail, even if the sender seems well regarded to you.
The displayed URL in a url is not always the tackle that is actually embedded in the website link. Don’t simply click on the backlink. As a substitute, enter the handle or go to a properly-known web site, he wrote.
Spreadsheets and PDFs persistently distribute malware.
Town employees should avoid forwarding messages with attachments to lessen the threat of spreading malware and restrict internet use to essential perform, he explained.
“Log out of your workstation if you are stepping absent for an hour or a lot more, and shut down your devices when you go away for the day until you definitely will need remote access,” he reported. “DIT is on excessive warn. We’re undertaking every thing we can to hold our networks and devices safe and sound, but our customers are seriously our to start with line of protection. Be suspicious of anything that has uncommon material, incorrect spelling or grammar, or is from an not likely sender (even the Mayor or Council Chair). Get in touch with the consumer right if there is any query, and notify DIT if you suspect an attempted assault.”