On Friday the 13th of December, the City of New Orleans suffered a ransomware attack that resulted in a shutdown of the city’s servers and computers. The city stated that emergency services were not affected. Kim LaGrue, the city’s CIO, stated that the attack was first detected at 5:00 AM on December 13th and appears to have originated from a phishing email. When employees started accessing their computers at 8:00 AM, the network showed an uptick in suspicious activity. The next day, memory dumps containing multiple references to New Orleans and the Ryuk Ransomware were uploaded from an IP address in the USA to the VirusTotal scanning service. Colin Cowie of Red Flare Security found the information and shared it responsibly. If the city was indeed encrypted by Ryuk, then this is just another incident in the recent uptick in Ryuk activity.