The City of New Orleans has emerged as the latest victim in a ransomware attack. The attack caused many city websites to go offline. Fortunately, the malware didn’t cause serious damage. However, more details are yet to come.
New Orleans Under Ransomware Attack
On Friday morning, the City of New Orleans suffered a ransomware attack. While the attack initially remained undisclosed after the incident, a press conference later confirmed the involvement of ransomware.
Following the attack, the city systems went offline out of caution. According to Beau Tidwell spokesperson for New Orleans Mayor LaToya Cantrell,
Out of an abundance of caution, all employees were immediately alerted to power down computers, unplug devices & disconnect from the city’s WiFi.
Officials assured that the ransomware didn’t cause much damage. Yet, specific information about the attack remained veiled as investigations continued.
Ryuk Ransomware Possibly Involved
Recently, the founder of Red Flare Security, Colin Cowie, has shared some insights about the ransomware attack. Precisely, he revealed the involvement of Ryuk ransomware in the attack.
The city of #neworleans was hit with #RYUK Ransomware! Looks like it encrypted their "Contracts and Revenue" file share?
?: https://t.co/PtfHjcYQA0 pic.twitter.com/cP4EcvgoPu
— Colin ??? (@th3_protoCOL) December 15, 2019
Based on the analysis of the memory dumps he came across, and his findings shared with BleepingComputer, the involvement of Ryuk ransomware seems confirmed.
The memory dump found by Cowie is for an executable named ‘yoletby.exe’ and contains numerous references to the City of New Orleans including domain names, domain controllers, internal IP addresses, user names, file shares, and references to the Ryuk ransomware.
It is also likely that the attack could have involved Emotet and Trickbot as well.
Though, none of these details have received official endorsements yet. We still wait to hear more about the incident from the authorities.
Recently, Ryuk also preyed on a Spanish cybersecurity firm Prosegur. Though the firm contained the attack, it took them some time to restore their services.
Let us know your thoughts in the comments.