Honolulu Fire Department personnel inadvertently downloaded a ransomware computer virus that infected about 20 HFD computers this week, forcing the department to temporarily shut down all its administrative computers.
HFD Capt. David Jenkins said the department was notified of the infection about
9 p.m. Monday and began shutting down its administrative computers in the department’s 43 fire stations to prevent the virus from spreading. The computers are used for emails, reports and other administrative duties.
The department’s emergency response was not affected — its computer-aided dispatch system and computers in firetrucks operate on a separate network, he said.
The administrative computers were returned to normal use on Wednesday morning after the threat was removed, he said.
Mark Wong, director of the city Department of Information Technology, said in an emailed statement that the computers were infected after fire personnel read personal email on a web browser.
The ransomware in this case, known as ODIN, is spread when a user clicks on an email link that takes the user to a webpage, where the virus is downloaded, he said.
Ransomware is a type of software that encrypts computer files until a payment is made. The name ODIN refers to the .ODIN extension that files are given after they are encrypted, according to computing websites.
DIT identified the affected directories and removed all the .ODIN files, and the city did not have to pay a ransom, Wong said.
Wong said emails that go through the city’s network are subjected to more extensive filtering, including the examination of embedded email links.
He said that about two years ago the city foresaw ransomware being a problem and invested in a replication storage system that backs up servers daily and creates “snapshots” that can re-create a directory from any given day.
“The foresight of this investment is now paying huge dividends,” he said.
Andrew Pereira, a city spokesman, said the matter has been referred to the FBI.