City network infected by virus Friday, files recovered

Learn how to protect yourself, the City

The City suffered a computer virus infection Sept. 18. The network was hit with CryptoWall, the most advanced form of “ransomware” that exists. Once a computer gets infected by CryptoWall, the virus scans computers and entire networks (including Dropbox and other online storage) for data. The virus then encrypts everything it finds. It irrevocably changes the files so they can’t be used. The data is lost unless users pay a ransom to hackers for the key to unlock the data.

While there is no way to unlock the encrypted files without paying the ransom, IT contained the infection and then restored the City files from its daily backups.

How do these infections happen?

Information Technology is still investigating how the City network got infected, but there are three ways most Cryptowall infections start:

  1. A phishing email that includes malware disguised as PDFs. These PDFs appear to be invoices, purchase orders, bills, complaints or other business communications, but double-clicking on them, infects your computer with CryptoWall and starts the encryption process.
  2.  A website that looks legitimate but contains embedded links that download and install a malicious program when clicked. The download and installation may be invisible to the user.
  3.  An advertisement in the sidebar of an otherwise safe site, such as Google or Yahoo. Clicking on the ad redirects the user’s browser to a site that infects the computer. 

Protect yourself and the City

Safe internet practices provide the best protection against viruses like CryptoWall.

Get more tips to protect yourself and the City.

Questions or comments?

Do you have a security-related question or suggestion or want to comment on this article? Contact the IT security officer.

Learn more

Visit the iRiskAware page on CityTalk for more security-related tips and information.

Published Sep 22, 2015



Contact us

Email updates

Find a service

About this site

For employees

For reasonable accommodations or alternative formats, contact 311.
People who are deaf or hard of hearing can use a relay service to call 311 at 612-673-3000.
TTY users can call 612-673-2157 or 612-673-2626.

Para asistencia 612-673-2700, Yog xav tau kev pab, hu 612-637-2800, Hadii aad Caawimaad u baahantahay 612-673-3500. 


311 call center

311 TTY relay service

City of Minneapolis Facebook City of Minneapolis Twitter City of Minneapolis YouTube ChaNNEL Minneapolis 311 Minneapolis 14 Government TV City of Minneapolis LinkedIn

Minneapolis, City of Lakes logo