Ryuk Ransomware Attacks Durham, North Carolina, Government
Cybercriminals have launched a Ryuk ransomware attack against city and county governments in Durham, North Carolina, according to Government Technology.
Approximately 1,000 Durham County computers will have to be re-imaged following the ransomware attack, county CIO Greg Marrow told Government Technology. In addition, Marrow said about 100 servers from the county’s data center would have to be rebuilt.
Durham officials learned about the ransomware attack Friday, March 6. At that time, they deactivated the city’s phone system to help contain the attack.
Ransomware Triggered by Phishing Attack?
The ransomware attack likely spread after internal employees clicked on infected emails, Durham officials stated. However, city and county data backups were not compromised during the ransomware attack, and no personally identifiable data was accessed by hackers.
IT staff are bringing city systems back online while investigating the source of the ransomware attack, Durham officials said. Critical public safety systems for the city are operational, emergency calls are being handled, and the city’s website is fully functional.
In addition, the county’s phone system is operating as normal and its website is fully functional, Durham officials noted. The ransomware attack also has no impact on the county’s 911 services.
Ryuk Ransomware: Here’s What MSSPs Need to Know
Ryuk allows a threat actor to identify and attack an organization’s critical network systems. It often goes undetected for several days or months following an initial infection and has been used in several cyberattacks.
Emcor, a Fortune 500 company that specializes in mechanical and electrical construction services and industrial and energy infrastructure, last month discovered a Ryuk ransomware attack. The company was forced to shut down IT systems affected by the Ryuk attack and continues to investigate the incident.
Furthermore, cybercriminals in October 2019 used Ryuk to attack three Alabama hospitals managed by DCH Health System. Following the ransomware attack’s discovery, outpatients with appointments at any of the three hospitals were told to call before attending their appointments, and local ambulances were told to take patients to other nearby hospitals.