On April 13th, two different public institutions were hit by the same malware and had their services disrupted. The malware in question is Ryuk Ransomware, an advanced ransomware threat. After infiltrating the victim's computer system, it spreads throughout the local network, encrypting files with a strong encryption algorithm and making them inaccessible.
In Imperial County, California, the government website and communications system were taken down by the ransomware. Members of the county’s staff were forced to use Facebook and Twitter accounts for public communication. Ryuk was also responsible for affecting the online payment system of the treasurer and tax collector's office as well as the Department of Social Services. The attackers demanded payment in Bitcoins for the decryption of the files they had taken hostage. In a statement, Imperial County’s Board of Supervisors Chairman Ryan Kelley said that the county "has not and will not pay any form of ransom, now or in the future." A private security firm was hired to help deal with the aftermath of the ransomware attack and restore the affected systems back to normal as soon as possible.
At the same time, Ryuk Ransomware was also deployed in an attack against the city of Stuart. According to officials, an email phishing scam was more than likely used to deliver the malware. Once inside the system, Ryuk wreaked havoc on the city's servers, forcing them to disconnect from the network. While the servers operating payroll, budgeting, utilities, and other important functions were brought back online swiftly, restoring email functionality proved to be a more challenging task, requiring over ten days. Stuart also refused to yield to the demands of the attackers and pay an undisclosed sum in Bitcoins.
Ryuk Ransomware Is Responsible for Several High-Profile Attacks
At the start of the year, Ryuk managed to disrupt the printing and delivery of all Tribune Publishing newspapers as well as newspapers that used to be part of Tribune Publishing. Some of the affected newspapers were the Los Angeles Times, the Chicago Tribune, the Wall Street Journal, and the New York Times.
Then, in March, Ryuk Ransomware crippled the IT systems of Jackson County, Georgia, for more than two weeks. The county was unable to successfully repair the damage caused by the malware and reportedly paid $400 000 to the attackers for the restoration of the affected IT infrastructure.
Boston's Committee for Public Counsel Services, a public defenders agency, also fell victim to Ryuk Ransomware. Although the attack encrypted some files, no ransom payment was made. Still, the process of removing Ryuk from the network slowed the committee's normal course of work, delayed trials, and disabled its email services.