Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Ryuk Ransomware Takes Out Durham, North Carolina

The North Carolina city of Durham has become the latest US municipality struck by ransomware after reports suggested the Ryuk variant forced key services offline.

In an update on Sunday, the local authority claimed that both the City of Durham and Durham County Government are now in the “recovery process” after being hit by the attack on Friday.

Although emergency calls, 911 and “critical public safety systems” were operational throughout, the incident forced the city to shut down its phone system to contain the attack.

“There are phone disruptions to other city facilities and services, such as Durham One Call’s phone line at 919-560-1200, Durham Parks and Recreation centers, City Hall, etc,” it explained.

However, the municipality’s website and app were not affected, and therefore able to deal with residents’ bill payments and other services.

According to local reports, the Ryuk ransomware arrived in a phishing email sent to a city employee.

Aleksander Gorkowienko, managing consultant at Spirent SecurityLabs, argued that organizations need a combination of employee education and technology controls to mitigate the phishing threat.

“Attackers are clever and opportunistic and, by trial and error, they are continuously searching for methods which statistically give them the highest probability of success with the lowest effort. Here we have good evidence that old methods still work well,” he added.

“The lesson for the future is that organizations should balance their efforts between investing in the newest technological security solutions and education of their personnel. “

Cesar Cerrudo, CTO of IOActive, argued that it’s time for local governments in the US to wake up to the ransomware threat.

“City systems are less protected than private sector systems, so it's no surprise that cyber-criminals target them as easier and juicier targets to ensure they keep profiting,” he claimed.

“Cities need to start investing more on cybersecurity in general, including education, threat assessment, monitoring, prevention, etc. in order to have well established plans for quick reaction and recovery from cyber-attacks.”

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Carnival Cruise Lines Hacked

2
News

Walgreens App Error Has Customers Viewing Each Other's Personal Messages

3
News

Home Office Admits 100 GDPR Breaches in EU Scheme

4
News

CIA Accused of Mounting 11-Year Cyber-Attack Against China

5
News

Canada's Auditor General: "Our Main IT System Is Running on DOS"

6
News

Tesco Issues 600,000 New Clubcards After Brute Force Attack

1
News

Los Angeles Utility Accused of Cybersecurity Coverup

2
News

Phishers Use Fake HIV Test Results as Bait

3
Interview

#InternationalWomensDay Interview: Limor Kessem, Executive Security Advisor, IBM Security

4
News

Google Play Protect IDs Just a Third of Malicious Apps

5
News

Human Error Linked to 60% of Security Breaches

6
News

Ryuk Ransomware Takes Out Durham, North Carolina

1
Webinar

2FA or MFA: Which Authentication is Right for Your Business?

2
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

3
Webinar

Gain Control and Security of Your File Collaboration

4
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

5
Webinar

AI in Security: Keeping Up with the Trend

6
Webinar

Zero Trust: A Cybersecurity Essential and the Key to Success

1
Blog

Women in Cybersecurity Keynote: Bobbie Stempfley Shares Invaluable Career Advice

2
News Feature

CyberCenturion Winners Crowned as Competition Culminates in London

3
Interview

#RSAC Video Interview: Kathleen Smith, CMO, CyberSecJobs

4
Interview

Interview: Carolyn Crandall, Chief Deception Officer, Attivo Networks

5
Opinion

How the Cloud Complicates the Digital Crime Scene

6
Blog

Meeting SOC 2 Compliance With Your Own Products