Johnson City officials revealed that a ransomware attack affected some of the Tennessee municipality’s computer systems.

On Oct. 21, a Johnson City employee showed a ransom note left by the ransomware attackers to city IT Director Lisa Sagona. The message asked city officials to contact an email in exchange for payment instructions. Toward that end, the note claimed that the ransomware had encrypted the city government’s backups to dissuade the municipality from attempting to recover its data by any means other than paying for a decryption key.

Upon learning of the incident, Sagona, her staff and support personnel from Bailey Computing Technologies asked all employees to turn off their computers. They also launched an investigation into what had happened, which revealed that the ransomware had affected approximately half of the municipality’s computers.

Even so, the attack could have been much worse. The fact that the employee followed protocol in reporting the incident, in addition to a recent investment in a new hyperconverged storage network earlier in the year, helped prevent a worse outcome. Sagona told WJHL that the municipality didn’t lose anything in the ransomware attack, and that the modern IT system saved her and her staff a few days and a week’s worth of information as they began the process of restoring affected machines.