Archive for the ‘ryuk’ Category

Georgia court systems recovering from apparent Ryuk ransomware

July 2nd, 2019
The latest victim of an apparent wave of Ryuk ransomware has managed to fend off paying attackers, but not everyone is getting away unscathed. (credit: Getty Images)

A spokesman for Georgia's Administrative Office of the Courts has confirmed that the AOC's information technology team discovered ransomware on the organization's servers on Saturday. While the spokesman could not provide specific details about the ransomware involved in the attack, its characteristics are consistent with the Ryuk ransomware that has struck multiple companies and government agencies over the past few months—including at least two Florida cities.

Bruce Shaw, communications and outreach specialist for the AOC, told Ars that a file containing contact information for the ransomware operators was left on the affected servers but that no specific ransom was demanded. "After an assessment of our system, it was determined that it would be best to take our network offline," Shaw said.

The attack's effects were isolated to servers providing the AOC's applications—including case management. "Individual courts' networks are not affected," Shaw said. "Only courts who use applications hosted by our network might experience some delay in their local operations. Our understanding is that all courts are operational, but some processes normally handled by our applications may be impacted."

Posted in Baltimore ransomware attack, Biz & IT, Florida ransomware, Georgia, ransomware, ryuk

Ryuk, Ryuk, Ryuk: Georgia’s courts hit by ransomware

July 1st, 2019
Court systems in Georgia are down due to a ransomware attack. Surprise. (credit: Rivers Langley / SaveRivers / Wikimedia)

Georgia's Judicial Council and Administrative Office of the Courts is the victim of the latest ransomware attack against state and local agencies. And this looks like the same type of attack that took down the systems of at least two Florida municipal governments in June.

Administrative Office of the Courts spokesman Bruce Shaw confirmed the ransomware attack to Atlanta's Channel 11 News. The Administrative Office of the Courts' website is currently offline.

Shaw told 11 News that some systems had not been affected by the ransomware but that all systems connected to the network had been taken offline to prevent the ransomware from spreading. The Courts' IT department was in contact with "external agencies" to coordinate a response to the attack, Shaw said.

Posted in Atlanta, Biz & IT, Florida, ransomware, ryuk

Florida LAN: Someone clicks link, again, giving Key Biscayne ransomware

June 28th, 2019
Key Biscayne, Florida, is the third Florida local government to get hit by ransomware within a month. (credit: Alicia Vera/Bloomberg via Getty Images)

A third Florida local government has reported that it has been struck by ransomware. Key Biscayne joins Lake City as a victim of Ryuk, a form of ransomware first spotted in August of 2018. Ryuk was the final piece of what has been labeled the "Triple Threat" attack, the other two threats being the Emotet and Trickbot malware.

While the attack on Riviera Beach, Florida revealed last week was similar—all three cases start with a city employee clicking on an attachment in email and unleashing malware—it's not certain if that attack was also based on Ryuk.

Ryuk is targeted ransomware, originally linked to the North Korean "Lazarus" threat group, but now it appears to have been adopted by non-state criminal ransomware operators as well. It comes with a tailored ransom note that directs victims to contact the attacker via email. It has been known to lay dormant for up to a year before executing.

Posted in Biz & IT, Emotet, Florida, ransomware, ryuk, TrickBot

New ransomware rakes in $4 million by adopting a “big game hunting” strategy

January 12th, 2019

(credit: Tracy O / Flickr)

A recently discovered ransomware group has netted almost $4 million since August, in large part by following a path that’s uncommon in its industry—selectively installing the malicious encryption software on previously infected targets with deep pockets. The method differs from the usual one of indiscriminately infecting all possible victims. That’s the take of two analyses published Thursday, one by security firm CrowdStrike and the other by competitor FireEye.

Both reports say that Ryuk, as the ransomware is known, infects large enterprises days, weeks, or as much as a year after they were initially infected by separate malware, which in most cases is an increasingly powerful trojan known as Trickbot. Smaller organizations infected by Trickbot, by contrast, don’t suffer the follow-on attack by Ryuk. CrowdStrike called the approach “big-game hunting” and said it allowed its operators to generate $3.7 million worth of Bitcoin across 52 transactions since August.

Besides pinpointing targets with the resources to pay hefty ransoms, the modus operandi has another key benefit: the "dwell time"—that is, the period between the initial infection and the installation of the ransomware—gives the attackers time to perform valuable reconnaissance inside the infected network. That reconnaissance lets the attackers, whom CrowdStrike dubs Grim Spider, maximize the damage they cause by unleashing the ransomware only after they have identified the most critical systems on the network and obtained the passwords necessary to infect them.

Posted in Biz & IT, ransomware, ryuk, SamSam