#nationalcybersecuritymonth | Ryuk ransomware implicated in City of New Orleans shutdown

The malware has struck several US municipalities in 2019

ANALYSIS The cyber-attack that prompted the City of New Orleans’ mayor to declare a state of emergency on Friday (December 13) is the latest in a string of attacks on city and state governments to be linked to the Ryuk ransomware.


New Orleans Chief Information Officer Kim LaGrue confirmed during a press conference that suspicious activity on the city’s networks – including evidence of phishing and ransomware – had prompted the city to quarantine systems and pull the plug on its website.


A day later, Bleeping Computer revealed that executables containing references to Ryuk and New Orleans City Hall – including domain names, domain controllers, internal IP addresses, user names, and file shares – had been found within memory dumps handed to them by Red Flare Security researcher Colin Cowie.


However, the City of New Orleans has yet to confirm or deny whether Ryuk is involved.


NOLA Ready, the Louisiana city’s emergency preparedness campaign, confirmed that the city had powered down its servers, taken down all NOLA.gov websites and instructed employees to shut down their computers after discovering a potential breach at 5am on Friday morning.


Ready or not


Although workers have reverted to using pen and paper, NOLA Ready, which is managed by the Office of Homeland Security & Emergency Preparedness, has tweeted that City Hall was “open as usual”, but that “some services may be delayed”.


Emergency services, including the 911 emergency and 311 city service phone lines, were not disrupted, it also said on Twitter.


A tweet posted Monday