Ruyk ransomware shuts down operations in New Orleans, US

This has been a year marked by the notorious increase in ransomware attacks registered in thousands of organizations around the world, especially in the United States, and incidents keep popping up. This time, digital forensics experts report that the city of New Orleans, in the state of Louisiana, US, has declared a state of emergency and forced the shutdown of multiple systems due to a ransomware infection.

Apparently, some of the city’s computer systems
began to show signs of suspicious activity in the early hours of last Friday,
December 13. A few hours later unauthorized activity increased, as the city’s
IT department had already detected multiple phishing attempts and encryption
malware samples.

Kim LaGrue, New Orleans’ IT director, confirmed
the attack that same day, mentioning that, as a security measure, some of the city’s
servers were shut down.

On the other hand, LaToya Cantrell, mayor of New Orleans, mentioned that while the presence of encryption malware has been confirmed on the city’s computer systems, the digital forensics department has not yet received a ransom note or any other contact attempts by the attackers. Regarding the type of malware used during this attack, it is mentioned that it is highly likely to be Ryuk, a dangerous ransomware variant detected in many other infection cases in local governments throughout the US.

As mentioned before, there are many reported
cases of ransomware infections in local and state governments over the most
recent months. States like Florida, Georgia and New York have suffered ravaging
encryption malware infections that forced the investing of extensive resources
for system and compromised information recovery.

Among the various cases reported over the last
year, digital forensics firms highlight what happened in the state of Louisiana;
a couple of months ago, the state governor decided to declare a state of
emergency due to a ransomware infection that crippled most government computer
systems at the state level. Independent investigators, security firms and
federal authorities had to collaborate in the incident recovery process,
although surely the worst news is this new infection affecting operations in
one of the most important Louisiana cities.

Several digital forensics specialists consider
that local governments are especially prone to suffer the consequences of a
ransomware infection, as most of the time these organizations do not have sufficient
human, financial and technological resources to develop plans for the
prevention, containment and recovery of computer security incidents, making
them easy prey for threat actors.

Fortunately, New Orleans does have an action
plan in case of cybersecurity incidents, which is already being implemented,
ensuring the operation of some systems without an Internet connection, and even
resorting to the performance of some activities using just pen-and-paper, at
least until the city’s IT department considers it safe to restore all
potentially affected systems. In addition, the local government has begun
investigating the incident internally.

Specialists from the International Institute of
Cyber Security (IICS) believe that the implementation of this emergency plan is
a sign that the local government has learned a lesson from the past, and even
though malicious hackers always find ways to exploit security weaknesses in an
organization, it is vital that security and incident response teams have a
backup plan in place to prevent attacks from spreading and generating
large-scale consequences.

Comments are closed.