Ryuk Ransomware Takes Out Durham, North Carolina

The North Carolina city of Durham has become the latest US municipality struck by ransomware after reports suggested the Ryuk variant forced key services offline.

In an update on Sunday, the local authority claimed that both the City of Durham and Durham County Government are now in the “recovery process” after being hit by the attack on Friday.

Although emergency calls, 911 and “critical public safety systems” were operational throughout, the incident forced the city to shut down its phone system to contain the attack.

“There are phone disruptions to other city facilities and services, such as Durham One Call’s phone line at 919-560-1200, Durham Parks and Recreation centers, City Hall, etc,” it explained.

However, the municipality’s website and app were not affected and were therefore able to deal with residents’ bill payments and other services.

According to local reports, the Ryuk ransomware arrived in a phishing email sent to a city employee.

Aleksander Gorkowienko, managing consultant at Spirent SecurityLabs, argued that organizations need a combination of employee education and technology controls to mitigate the phishing threat.

“Attackers are clever and opportunistic and, by trial and error, they are continuously searching for methods which statistically give them the highest probability of success with the lowest effort. Here we have good evidence that old methods still work well,” he added.

“The lesson for the future is that organizations should balance their efforts between investing in the newest technological security solutions and education of their personnel.”

Cesar Cerrudo, CTO of IOActive, argued that it’s time for local governments in the US to wake up to the ransomware threat.

“City systems are less protected than private sector systems, so it's no surprise that cyber-criminals target them as easier and juicier targets to ensure they keep profiting,” he claimed.

“Cities need to start investing more on cybersecurity in general, including education, threat assessment, monitoring, prevention, etc. in order to have well established plans for quick reaction and recovery from cyber-attacks.”
