On Friday the 13th of December, the City of New Orleans suffered a ransomware attack that resulted in a shutdown of the city’s servers and computers. The city stated that emergency services were not affected. Kim LaGrue, the city’s CIO, stated that the attack was first detected at 5:00 AM on December 13th, and appears to have originated from a phishing email. When employees started accessing their computers at 8:00 AM, the network showed an uptick in suspicious activity. The next day, memory dumps were uploaded from an IP address in the USA to the VirusTotal scanning service that contained multiple references to New Orleans and the Ryuk Ransomware. Colin Cowie of Red Flare Security found the information and shared it responsibly. If the city was indeed encrypted by Ryuk, then this just another incident of the recent uptick in the activity of Ryuk.
Analyst Notes
The number one method for ransomware distribution is through phishing campaigns. Employers should provide routine training to their staff in proper cybersecurity protocols with emphasis on recognizing suspicious emails. To protect against ransomware, a layered defense-in-depth strategy is the most effective method, including employee training, email filtering, up-to-date anti-virus software, and Endpoint Detection and Response (EDR) software to detect unusual activity such as a program writing new versions of too many files in a short period of time. It is also advisable to employ a 24/7 monitoring service that can detect and defend an organization’s servers and endpoints from malicious programs. The Binary Defense Security Operations Center (SOC)is capable of providing an around-the-clock defense system for any size organization. SOC analysts monitor for suspicious activity and can quickly isolate an infected computer from the network to keep an attack from spreading across the internal network.
Source Articles: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-likely-behind-new-orleans-cyberattack/
https://www.govinfosecurity.com/ryuk-eyed-as-culprit-in-new-orleans-ransomware-outbreak-a-1350
