Ransomware hackers have forced the city of New Orleans to declare a state of emergency, TechCrunch reports.
Last Friday, officials reportedly spotted a suspicious uptick in activity in the early morning, particularly phishing attempts. They confirmed an attack was underway approximately three hours later, and promptly shut down affected servers and computers.
A declaration of a state of emergency has been filed with the Civil District Court in connection with today’s cyber security event. pic.twitter.com/OQXDGv7JS4
— The City Of New Orleans (@CityOfNOLA) December 13, 2019
New Orleans’ services generally still operate — even in situations like these — thanks to forward thinking from city officials.
Representatives told the media that police, fire, and EMS are functional outside of the city’s internet network. The scheduling of building inspections, however, is reportedly to be handled manually for now.
As for city offices, New Orleans’ director of homeland security Collin Arnold confirmed workers had resorted to using pen and paper while the city deals with the situation.
Arnold also said that while New Orleans does have a “real-time crime center” that runs off the city’s network, related cameras are still recording independently.
Earlier today, New Orleans’ mayor LaToya Cantrell tweeted that city agencies and departments were still impacted by the attack.
The City remains actively involved in recovery efforts related to the cyber-security incident last Friday, and individual agencies and departments will be impacted in various ways, detailed in graphics. pic.twitter.com/ojkn4eBh76
— Mayor LaToya Cantrell (@mayorcantrell) December 16, 2019
Bread crumbs point to Bitcoin-hungry Ryuk
Curiously, BleepingComputer reports that someone from an IP address in the USA uploaded memory dumps of suspicious executables to scanning service VirusTotal one day after the attack began.
Cybersecurity researcher Colin Cowie then noted that some of these files contained references to both New Orleans and the prolific ransomware Ryuk.
Further analysis led BleepingComputer to posit that Ryuk is likely responsible for the New Orleans attack.
The city of #neworleans was hit with #RYUK Ransomware! Looks like it encrypted their "Contracts and Revenue" file share?
https://t.co/PtfHjcYQA0 pic.twitter.com/cP4EcvgoPu
— Colin Cowie (@th3_protoCOL) December 15, 2019
Ryuk generally encrypts data and demands Bitcoin in exchange for a decryption tool. Its masterminds have been known to infect machines with trojans en masse, later returning to exploit high-value targets with ransomware.
State-owned oil refineries, hospitals, schools, care facilities, and government institutions worldwide have all been hit by Ryuk over the past year.
The cryptocurrency ransom amount is usually scaled to the worth of the target. In this case, New Orleans officials are yet to confirm Ryuk’s involvement, or how much the hackers have demanded.
Last week, Hard Fork reported that a strain of Ryuk had recently been found to be peddling a broken decryption tool, meaning that victims who paid the Bitcoin ransom to unlock their files could inadvertently destroy them forever.