Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

La Porte County finally opted to pay $130,000 Ransom

On July 6, a ransomware attack brought down government computer systems at La Porte County, Indiana, finally, the county decided to pay $130,000 ransom. On July 6, a ransomware attack paralyzed the computer systems at La Porte County, Indiana, according to County Commission President Dr. Vidya Kora, employees were not able to access to any […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

On July 6, a ransomware attack brought down government computer systems at La Porte County, Indiana, finally, the county decided to pay $130,000 ransom.

On July 6, a ransomware attack paralyzed the computer systems at La Porte County, Indiana, according to County Commission President Dr. Vidya Kora, employees were not able to access to any government email or website.

The county IT director shut down the computer systems to avoid the spreading of the threat and to limit potential damage. At least half of the servers at the county’s infrastructure were infected, less than 7% of the laptops was not impacted.

Now La Porte County decided to pay $130,000 to recover data on systems infected with the ransomware.

For at least three days, government systems were not working forcing the County officials to evaluate the option to pay the ransom.

Immediately after the attack, the county reported the incident to the FBI and was working with experts of some security firms to investigate the attack and mitigate the threat. The law firm of Mullen Coughlin LLC was managing the incident response operations, but despite the efforts of the experts the La Porte County was not able to resume its operations.

According to WSBT, La Porte County’s systems were infected with a variant of the Ryuk ransomware, the same malware that infected computers at City of Lake City on June 10.

“Two organizations in our area are recovering from recent cyber attacks. Both the South Bend Clinic and La Porte County government are dealing with the aftermath.” reported the WSBT.

“La Porte County paid the ransom on a cyber attack that locked up part of the government’s computer system. The Ryuk virus got into the backup servers.”

Loocipher Ransomware

It seems that $100,000 out of $130,000 are being covered by insurance.

“Fortunately, our county liability agent of record, John Jones, last year recommended a cybersecurity insurance policy which the county commissioners authorized from Travelers Insurance” explained Dr. Vidya Kora,

Recently other administrations decided to pay the ransom to decrypt their files. Crooks earned a total of over $1 million in June from the attacks on two municipalities in Florida, Lake City and Riviera Beach.

In April, Stuart City was victim of the Ryuk Ransomware too, but it refused to pay the ransom. Early March, another city was hit by the same ransomware, computers of Jackson County, Georgia, were infected with Ryuk that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files.

The Ryuk ransomware appears connected to Hermes malware that was associated with the notorious Lazarus APT group.

The same ransomware was recently used in an attack that affected the newspaper distribution for large major newspapers, including the Wall Street Journal, the New York Times, and the Los Angeles Times.

Further investigation on the malware allowed the experts from security firms FireEye and CrowdStriketo discover that threat actors behind the 
Ryuk ransomware are working with another cybercrime gang to gain access to target networks. They are collaborating with threat actors behind TrickBot, a malware that once infected a system creates a reverse shell back to the attackers allowing them to break into the network.

Experts at Crowdstrike believe the Ryuk ransomware is operated by a crime gang they tracked as GRIM SPIDER, in particular by its Russian based cell dubbed WIZARD SPIDER that is behind TrickBot.

Experts pointed out that Hermes was available for sale into the online underground community, attackers could have purchased it to create their own version of Ryuk.

Recently the United States Conference of Mayors asked its members to “stand united” against paying ransoms in case their systems are hit by ransomware. The decision is essential to discourage criminal practice.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – La Porte, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]