Ryuk ransomware shuts down operations in New Orleans, US

This has been a year marked by a notable increase in ransomware attacks against thousands of organizations around the world, especially in the United States, and incidents keep appearing. This time, digital forensics experts report that the city of New Orleans, in the state of Louisiana, US, has declared a state of emergency and shut down multiple systems due to a ransomware infection.

Apparently, some of the city’s computer systems began to show signs of suspicious activity in the early hours of last Friday, December 13. A few hours later the unauthorized activity increased, by which time the city’s IT department had already detected multiple phishing attempts and encryption malware samples.

State of Emergency official declaration

Kim LaGrue, New Orleans’ IT director, confirmed the attack that same day, mentioning that, as a security measure, some of the city’s servers were shut down.

LaToya Cantrell, mayor of New Orleans, said that while the presence of encryption malware has been confirmed on the city’s computer systems, the digital forensics department has not yet received a ransom note or any other contact attempt from the attackers. As for the type of malware used in this attack, it is reportedly highly likely to be Ryuk, a dangerous ransomware variant detected in many other infections of local governments throughout the US.

As mentioned before, many ransomware infections have been reported in local and state governments in recent months. States like Florida, Georgia and New York have suffered devastating encryption malware infections that forced the investment of extensive resources to recover systems and compromised information.

Among the various cases reported over the last year, digital forensics firms highlight what happened in the state of Louisiana; a couple of months ago, the state governor decided to declare a state of emergency due to a ransomware infection that crippled most government computer systems at the state level. Independent investigators, security firms and federal authorities had to collaborate in the incident recovery process, although surely the worst news is this new infection affecting operations in one of the most important Louisiana cities.

Several digital forensics specialists consider that local governments are especially prone to suffering the consequences of a ransomware infection, as most of the time these organizations do not have sufficient human, financial and technological resources to develop plans for the prevention, containment and recovery of computer security incidents, making them easy prey for threat actors.

Fortunately, New Orleans does have an action plan for cybersecurity incidents, which is already being implemented. The plan keeps some systems operating without an Internet connection and even resorts to carrying out some activities with just pen and paper, at least until the city’s IT department considers it safe to restore all potentially affected systems. In addition, the local government has begun investigating the incident internally.

Specialists from the International Institute of Cyber Security (IICS) believe that the implementation of this emergency plan is a sign that the local government has learned a lesson from the past, and even though malicious hackers always find ways to exploit security weaknesses in an organization, it is vital that security and incident response teams have a backup plan in place to prevent attacks from spreading and generating large-scale consequences.