Honolulu’s chief information officer told city leadership this morning Oahu Transit Services was “likely” compromised when someone opened an e-mail, link or attachment and introduced ransomware that is keeping TheBus, TheHandi-Van, Holo ride-card digital services, websites and applications offline, according to an e-mail shared with the Honolulu Star-Advertiser.

“Hackers can compromise an account and use it to send infected messages. This is likely how the OTS system was compromised,” wrote Mark D. Wong, chief information officer and director of the city Department of Information Technology in an email sent this morning to city directors, deputy directors, City Council members and staff, and DIT security liaisons.

“At this time, no networks or systems operated by the City and County of Honolulu are known to have been attacked or shut down by hackers,” he wrote.

In another cyberattack, the third-party Kronos employee timekeeping system used by the Honolulu Board of Water Supply, the city’s Emergency Services Department and thousands of businesses and organizations nationwide suffered a ransomware attack that is expected to affect the company’s operations for weeks.

Kronos is a cloud-based system operated by a company in the United Kingdom.

Wong said said city employees using the Kronos system log into that company’s website and no Kronos software is running on city servers. The city cannot cannot shut down Kronos, but city users cannot log in to the system until Kronos restores services, he explained.

“It is likely that other Hawaii organizations like hospitals, retail outlets, and educational organizations are also using Kronos,” Wong told city leaders.

Wong also detailed how networks and systems running the Bus and Handi-Van software are managed by Oahu Transit Services that use networks separate from the the city’s.

The fare collection system and HOLO card exchanges data with the OTS systems but those systems are physically separate and located in city data centers in their own isolated in network.

“There have been no signs that HOLO has been hacked, but servers have disconnected from the Internet until the OTS services are restored,” Wong wrote. “While the city systems and networks appear to be safe at this time, we must be hyper-vigilant during what seems like a siege on government and infrastructure systems.”

He urged department heads and all city workers to be extremely cautious about opening any attachment or link sent in an email, even if the sender appears well known to you.

The displayed URL in a link is not necessarily the address that is actually embedded in the link. Don’t click on the link. Instead, enter the address or go to a well-known site, he wrote.

Spreadsheets and PDFs consistently spread malware.

City workers should avoid forwarding messages with attachments to reduce the risk of spreading malware and limit internet use to essential work, he said.

“Log out of your workstation if you are stepping away for an hour or more, and shut down your machines when you leave for the day unless you absolutely need remote access,” he said. “DIT is on extreme alert. We’re doing everything we can to keep our networks and systems safe, but our users are really our first line of defense. Be suspicious of anything that has unusual content, incorrect spelling or grammar, or is from an unlikely sender (even the Mayor or Council Chair). Call the user directly if there is any question, and notify DIT if you suspect an attempted attack.”