The City of New Orleans was Targeted by Ryuk Ransomware Actors

  • New Orleans systems have been down since Friday, and the city is running on an emergency network.
  • The strain that was used in the attack was Ryuk, but Emotet and Trickbot might also be involved.
  • As the city services are gradually restored, people are advised to be tolerant and understanding.

On Friday, the City of New Orleans in Louisiana suffered a ransomware attack that resulted in the immediate shutdown of its public service systems, including all servers and computers. The emergency services, which rely on a separate, isolated network, survived the attack. The city’s officials informed the authorities about what happened and publicized the incident through Twitter. Based on the investigation efforts that followed, and with the help of the FBI, it was discovered that the ransomware strain that hit them was “Ryuk”, one of the most dangerous and widely used types of malware right now.

Over the weekend, all citizen calls were diverted to the Emergency Operations Center, and the recovery is still ongoing. Some systems have been brought back to their normal operational state, but most are still impacted to some extent. The mayor’s account on Twitter provided an overview of the state of recovery only hours prior to writing this piece. As the same sources clarified, the City Hall will open today, although some services may be unavailable, or they may take longer to process than usual.

As stated previously, the IT team that investigated the incident found no ransom notes, so the actors haven’t officially asked for the payment of any amount. This increases the chances of the occurrence being the result of an automated infection campaign based on phishing emails, which tells us something about the City’s network defense systems. To be fair, though, there’s also the possibility that the attack was interrupted prematurely, which would have prevented the planting of a ransom note and would indicate robust defensive mechanisms and a timely response from the network administrators.

The information compromised in this incident includes domain names belonging to the City of New Orleans, domain controllers, internal IP addresses, user names, and various file shares. The official clarifications rule out the possibility of any citizen or employee PII having been accessed by the actors. The truth is, though, that they will have to keep an eye on their systems for a while, as the chances of having to clear Emotet and Trickbot remnants from them are pretty high. If you live in New Orleans, you are advised to postpone to next week any non-emergency tasks that would burden the city, and generally try to maintain a patient stance towards the public service agents.


