SPRING HILL, Tenn. (WKRN) — Victor Lay, the former city administrator for Spring Hill, said the cyberattack that hit the city back in 2017 was the most traumatic event he ever had to deal with.

“Someone opened an email they shouldn’t have and clicked on a link they shouldn’t have,” said Lay.

It was a phishing scheme, the most common form of cyberattack seen in local governments, according to Jim Arnette, the Director of the Division of Local Government Audit.

“A phishing scheme is when an employee receives an email asking for confidential information like Social Security Number or a credit card number the email may also be directing someone to click on a link embedded in an email or attached to an email,” said Arnette.

Once the email in Spring Hill was accidentally opened, the virus got to work and started shutting everything down; email, dispatch computers, even accounting software. None of it could be used. This was the case for a few months.

“It’s the 1980s all over again, handwriting receipts and doing this and that,” recalled Lay.

The attackers demanded $250,000 but ultimately, the city never paid and decided instead, to rebuild from basically scratch.

Unfortunately, Spring Hill is not alone. In June of 2020, an overnight ransomware attack impacted the city of Knoxville’s computer network. City officials believe the attack came from a phishing email, too, opened by an employee.

It’s why experts say training is so important. “You’ve always got to be very cautious with emails,” Arnette said.

Use a strong password, have firewalls, and keep your anti-virus software up to date; all things Mark Archer wishes he had when Henry County’s enhanced 911 system was attacked by ransomware in 2016.

Investigators say the system was accessed through an old username and password left behind.

“It’s everybody’s responsibility,” Lay said, adding that technology is always changing, to stay on top of IT.

Below are some of his tips:

Vulnerability and dangers continue to threaten home computers and phones everywhere. See what you need to do to stay safe from ransomware attacks in our Special Reports ‘Cyberattacks Hitting Home’ all day Tuesday on WKRN News 2 in every newscast and on WKRN.com.