On Friday the 13th of December, the City of New Orleans suffered a ransomware attack that resulted in a shutdown of the city’s servers and computers. The city stated that emergency services were not affected. Kim LaGrue, the city’s CIO, stated that the attack was first detected at 5:00 AM on December 13th and appears to have originated from a phishing email. When employees started accessing their computers at 8:00 AM, the network showed an uptick in suspicious activity. The next day, memory dumps containing multiple references to New Orleans and the Ryuk Ransomware were uploaded from an IP address in the USA to the VirusTotal scanning service. Colin Cowie of Red Flare Security found the information and shared it responsibly. If the city was indeed encrypted by Ryuk, then this is just another incident in the recent uptick in Ryuk activity.