The City of Knoxville is the largest in the East Tennessee region. Its website appears to be down at the moment, so there is no way of seeking any comment from the body.
Trinity Metro is not an agency or department of any of its member cities. It provides eight million passenger trips annually on buses, TEXRail, ZIPZONE services, ACCESS paratransit, vanpools and Trinity Railway Express.
TEXRail, which operates between Fort Worth and Dallas Fort Worth International Airport’s Terminal B, is owned and operated by Trinity Metro. TRE, which runs between Fort Worth and Dallas, is jointly owned and operated by Trinity Metro and DART.
The Metro's contact form does not seem to be working at the moment.
Update, 5 July AEDT: Trinity Metro's name has now disappeared from the NetWalker site on the dark web, indicating that it may have paid the ransom that was demanded.
Both DoppelPaymer and NetWalker employ similar tactics: they exfiltrate data before encrypting documents and issuing ransom demands.
And if these are not met within a stipulated period, then the slow release of files begins as a pressure tactic.
In the case of Trinity Metro, the attackers have placed a deadline of 11 July before they publish the firm's data online.
In the City of Knoxville case, a large list of files has been released and more are said to be in the pipeline. In addition, the attackers have also listed the machines which were attacked, most of which run various versions of Windows Server dating from the 2008 version onwards.
Contacted for comment, Brett Callow, a regular iTWire commentator on ransomware attacks, said: "Audits and studies have repeatedly shown that US local governments practice cyber security poorly, which is why at least 113 of them were affected by ransomware last year."
Callow, who works as a threat analyst for the New Zealand-headquartered security shop Emsisoft, added: "This needs to change. If it does not, state and municipal entities will continue to be hit by ransomware and their data — and their residents' data — will continue to be stolen and published.
"But, alas, it seems that governments still haven't upped their security game. So far this year, at least 56 hit been hit, so it appears the 2020 numbers will be very similar to those of 2019."