Ryuk Ransomware Attacks New Orleans City Government And Proves Once Again That Phishing Is Here To Stay

Here’s all to know about the major ransomware attack on the New Orleans city.

In Dec 2019 cyberattack, the information systems and networks of the city government of New Orleans were attacked by malware (supposed to be ransomware), bringing down over 4000 computer systems. This malware is detected to be the ransomware Ryuk by security researcher Colin Cowie (founder of the cybersecurity research organization Red Flare Security in Indianapolis). Cowie found a striking resemblance between Ryuk and the malware that brought down the systems of New Orleans.


phishing protection

Ryuk is a type of ransomware that’s much used in recent times to lock and encrypt files of the victim’s computer that can be unlocked only upon the payment of a ransom amount in Bitcoin. If it’s indeed Ryuk that brought down the computer systems of New Orleans, then the city joins the list of municipal governments that were hit by the same ransomware in the recent past. Discovered about 16 months ago, the Ryuk ransomware has managed to collect $400,000 from Jackson County, Georgia; about $600,000 from Riviera Beach, Florida; $490,000 from Lake City, Florida; $130,000 from LaPorte County, Indiana; and $100,000 from the public school district in Rockville Centre, New York. As terrifying as these figures are, the officials from New Orleans have refrained from disclosing any details of ransom demanded by adversaries or the source of the attack.


How Does Ryuk Work?

  • The Ryuk virus, working with banking Trojans, steals financial information and credentials from phishing email recipients who fall into the trap and click on the attached malicious links.
  • Once a trojan called TrickBot affirms that a compromised network is at risk with ransomware, the Ryuk virus takes over and begins encrypting files on the victim’s system.
  • Such a cyber attack made Governor John Bel Edwards of the state of Louisiana announce an emergency last month.


What Happened In New Orleans?

Early in the morning on 13th December 2019 (Friday), the officials of the city government led by Chief Information Officer Kim LaGrue spotted some suspicious activity in the computer systems. Within the next couple of hours, they got to work and shut down operations across the city as a part of their anti-ransomware solutions. Hence the city officials formally acknowledged the attack on late Friday afternoon and declared a state of emergency with orders to shut down more than 4,000 computers and servers across the government.


email security services


What are the Losses?

The ransomware attack caused much disruption in the progress of the city’s work, leaving the people perturbed. Some of the affected areas include

  • The attack shut down the email, website, and other online applications of the city government, as reported by Governor John Bel Edwards.
  • The attack also affected the websites for the Office of the Governor, Louisiana State Legislature, Office of Motor Vehicles, Department of Corrections, the Louisiana Division of Administration, and the Department of Transportation & Development.
  • Due to the ransomware attack, the municipal courthouses remained shut down on Monday.
  • The attack also caused work stagnation at the city’s Healthcare for the Homeless as the service couldn’t see patients without the electronic health files being accessible to workers.


What Was the Impact?

Although the Ryuk ransomware attack caused much havoc in the city of New Orleans, yet it was announced in a press conference on Saturday by Kim LaGrue that the quick anti-phishing solutions adopted by her team ensured minimal damage to the city.

Since the city maintains offline backups of its files and applications, it is speculative that reestablishing the system of the town won’t be as much a matter of difficulty as a matter of time. Also, it is to be made sure that emergency services, including the city’s 911 line, remain unaffected.

As a rebound to the anti-phishing measures, some agencies have created Gmail accounts to handle non-emergency requests temporarily. At the same time, the city’s email server goes down because of the attack.


What More About the Attack?

Chief Information Officer Kim LaGrue notified that state and federal law-enforcement agencies are investigating the ransomware attack along with the Louisiana National Guard. All anti-malware measures seem to have been adopted by the city, and this finds a voice in LaGrue’s remark when she says, “The forensic investigation is still in progress. There is much that we are still to learn about this attack, the mechanisms, and what was significantly compromised.” She also mentioned about the evidence supporting the prospect of the cyber attack instigated by the compromise of the credentials of a city worker.

When asked to release some details about the Ryuk attack, a spokesman for Mayor LaToya Cantrell’s office was reluctant to disclose much in his email response on Tuesday afternoon. He said something in similar lines with LaGrue, “The forensic investigation into this incident is active and ongoing, and the city is working closely with our state and federal partners in that process. We have no further comment at this time.” The city officials have emancipated information about the attack only in bits and parts and have abstained from giving a full picture of the reality of the attack.

As per the latest updates, while the city agencies have taken to pen and paper, some other services are curtailed. However, a majority of the municipal agencies were open for business on Tuesday.

Researcher Cowie said one city file encrypted by Ryuk was labeled “contracts and revenue.” Still, it remains unclear as to what the file contains, and the officials, too, maintain secrecy on questions of whether the city will be able to retrieve the encrypted data.


Final Words

Since minimal information is there about the Ryuk infection that took over the computer systems of New Orleans city, it is uncertain whether their data is fully frozen or is still within the realms of retrieving. It is speculative that the process of restoring the systems fully will take at least a week. The city is attempting to wipe out the virus from all the 4000 computer systems across New Orleans. Perhaps this shall mark the beginning of a new chapter for them with better-enforced email security measures and an alert team of officials who know how to keep themselves and the city’s systems safe from adversaries.

Join the thousands of organizations that use DuoCircle

Find out how affordable it is for your organization today and be pleasantly surprised.

Interested in our Partner Program for MSPs and VARs? Visit Our MSP Partner Program.

Pin It on Pinterest