This article was published on December 16, 2019

Bitcoin ransomware blamed for New Orleans ‘state of emergency’

Cybersleuths found traces of Ryuk



Ransomware hackers have forced the city of New Orleans to declare a state of emergency, TechCrunch reports.

Last Friday, officials reportedly spotted a suspicious uptick in activity in the early morning, particularly phishing attempts. They confirmed an attack was underway approximately three hours later, and promptly shut down affected servers and computers.

New Orleans’ services generally still operate — even in situations like these — thanks to forward thinking from city officials.

Representatives told the media that police, fire, and EMS are functional outside of the city’s internet network. The scheduling of building inspections, however, is reportedly to be handled manually for now.

As for city offices, New Orleans’ director of homeland security Collin Arnold confirmed workers had resorted to using pen and paper while the city deals with the situation.

Arnold also said that while New Orleans does have a “real-time crime center” that runs off the city’s network, related cameras are still recording independently.

Earlier today, New Orleans’ mayor LaToya Cantrell tweeted that city agencies and departments were still impacted by the attack.

Bread crumbs point to Bitcoin-hungry Ryuk

Curiously, BleepingComputer reports that someone from an IP address in the USA uploaded memory dumps of suspicious executables to scanning service VirusTotal one day after the attack began.

Cybersecurity researcher Colin Cowie then noted that some of these files contained references to both New Orleans and the prolific ransomware Ryuk.

Further analysis led BleepingComputer to posit that Ryuk is likely responsible for the New Orleans attack.

Ryuk generally encrypts data and demands Bitcoin in exchange for a decryption tool. Its masterminds have been known to infect machines with trojans en masse, later returning to exploit high-value targets with ransomware.

State-owned oil refineries, hospitals, schools, care facilities, and government institutions worldwide have all been hit by Ryuk over the past year.

The cryptocurrency ransom amount is usually scaled to the worth of the target. In this case, New Orleans officials are yet to confirm Ryuk’s involvement, or how much the hackers have demanded.

Last week, Hard Fork reported that a strain of Ryuk had recently been found peddling a broken decryption tool, meaning that victims who paid the Bitcoin ransom to unlock their files could inadvertently destroy them forever.
