Last Friday, Mayor LaToya Cantrell declared a state of emergency in the City of New Orleans. Not because of a devastating storm hitting the city or riots that got out of hand. This time, the reason was a ransomware attack discovered on December 13th. Over the weekend, further analysis indicated that Ryuk ransomware was likely to have been the cause.
Back to Pen and Paper
Officials first spotted suspicious activity, mainly phishing, on some computers in the early hours of Friday morning. They suspected that an attack was likely underway. A few hours later, unauthorized activity increased and, as a security measure, all computers were disconnected from the network. Civil servants had to revert to old-fashioned pen and paper to do their work. They were no longer allowed to log into their computers.
On Monday, Mayor LaToya Cantrell confirmed that “there hasn’t been an official ask of the City through ransomware” and that “New Orleans is still in recovery mode”. The Public Safety Team is keeping the public up to date on the city’s response to the cyber incident.
Most of New Orleans’ services continued to operate thanks to some smart forward thinking. “We have been preparing ourselves for incidents like this”, confirmed Mayor LaToya Cantrell. “With the improvements that are put in place with infrastructure. And with daily routine cyber checks. This allowed our team to catch this early.” For the time being, it appears that there are no far-reaching consequences from the attack.
The digital forensics department is now diving deeper to better understand what exactly happened. The ransomware used was most likely Ryuk, a dangerous data-encrypting Trojan that has been detected in many other cases. Ryuk generally encrypts data and demands Bitcoin payment in exchange for a decryption tool.
Cities Increasingly Becoming Victims
It is certainly not the first time that an American city has had to deal with ransomware. Across the US, at least eight other cities have been hit with similar attacks. Two cities in Florida, Lake City and Riviera Beach, have paid $426,000 and $600,000 worth of bitcoin respectively to have their files unlocked.
Governments, as well as universities and hospitals, are increasingly being targeted by such attacks. This is because they often do not have enough money and manpower to arm themselves against them.
Unfortunately, it is very difficult to determine the final recipient of the fraudulent payments from the Ryuk attacks. This is because the malware operators transfer the funds through many different Bitcoin wallets.
Ransomware attacks are cyberattacks where files on computers are locked by hackers. In such attacks, documents and/or data on affected devices can no longer be accessed and often devices are no longer usable. Hackers then ask victims to pay Bitcoin ransoms and promise to release files in return.
To limit the damage caused by ransomware attacks, it is wise to make regular backups and to apply good cyber security. Furthermore, the No More Ransom website offers tools that can, for some ransomware families, retrieve encrypted data without having to pay the criminals’ ransom.