Tuesday , January 26 2021

Bitcoin ransomware blamed for New Orleans ‘state of emergency’

TNW uses cookies to personalize content and ads to
make our site easier for you to use.
We do also share that information with third parties for
advertising & analytics.

Powered by

Blockchain, cryptocurrencies, and insider stories by TNW.

Cybersleuths found traces of Ryuk

Ransomware hackers have forced the city of New Orleans to declare a state of emergency, TechCrunch reports.

Last Friday, officials reportedly spotted a suspicious uptick in activity in the early morning, particularly phishing attempts. They confirmed an attack was underway approximately three hours later, and promptly shut down affected servers and computers.

A declaration of a state of emergency has been filed with the Civil District Court in connection with today’s cyber security event. pic.twitter.com/OQXDGv7JS4

— The City Of New Orleans (@CityOfNOLA) December 13, 2019

New Orleans’ services generally still operate — even in situations like these — thanks to forward thinking from city officials.

Representatives told the media that police, fire, and EMS are functional outside of the city’s internet network. The scheduling of building inspections, however, are to be reportedly handled manually for now.

As for city offices, New Orleans‘ director of homeland security Collin Arnold confirmed workers had resorted to using pen and paper while it deals with the situation.

Arnold also said that while New Orleans does have a “real-time crime center” that runs off the city’s network, related cameras are still recording independently.

Earlier today, New Orleans‘ mayor LaToya Cantrell tweeted that city agencies and departments were still impacted by the attack.

The City remains actively involved in recovery efforts related to the cyber-security incident last Friday, and individual agencies and departments will be impacted in various ways, detailed in graphics. pic.twitter.com/ojkn4eBh76

— Mayor LaToya Cantrell (@mayorcantrell) December 16, 2019

Curiously, BleepingComputer reports that someone from an IP address in the USA uploaded memory dumps of suspicious executables to scanning service VirusTotal one day after the attack began.

Cybersecurity researcher Colin Cowie then noted that some of these files contained references to both New Orleans and the prolific ransomware Ryuk.

Further analysis led BleepingComputer to posit that Ryuk is likely responsible for the New Orleans attack.

The city of #neworleans was hit with #RYUK Ransomware! Looks like it encrypted their “Contracts and Revenue” file share😳
🔗: https://t.co/PtfHjcYQA0 pic.twitter.com/cP4EcvgoPu

— Colin Cowie (@th3_protoCOL) December 15, 2019

Ryuk generally encrypts data and demands Bitcoin BTC in exchange for a decryption tool. Its masterminds have been known to infect machines with trojans en masse, later returning to exploit high-value targets with ransomware.

State-owned oil refineries, hospitals, schools, care facilities, and government institutions worldwide have all been hit by Ryuk over the past year.

The cryptocurrency ransom amount is usually scaled to the worth of the target. In this case, New Orleans officials are yet to confirm Ryuk‘s involvement, or how much the hackers have demanded.

Last week, Hard Fork reported that a strain of Ryuk had been recently found to have been peddling a broken decryption tool, meaning that victims who paid the Bitcoin ransom to unlock their files could inadvertently destroy them forever.

Published December 16, 2019 — 15:06 UTC

Thank you!

Copyright © 2006—2019.
All rights reserved.
Made with in Amsterdam.

This Article was first published on thenextweb.com

About IT News Ug

Check Also

Airbnb to be bigger than eBay after its long-awaited IPO

TNW uses cookies to personalize content and ads to make our site easier for you …

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.