430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Ryuk Ransomware is suspected to be involved in the New Orleans cyberattack

New evidence suggests that in the recent attack against the systems at the City of New Orleans was used the Ryuk ransomware. Over the weekend, New Orleans officials announced in a press conference that the city was hit by a ransomware attack, the incident was discovered in the morning of December 13, 2019. The IT […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

New evidence suggests that in the recent attack against the systems at the City of New Orleans was used the Ryuk ransomware.

Over the weekend, New Orleans officials announced in a press conference that the city was hit by a ransomware attack, the incident was discovered in the morning of December 13, 2019.

The IT staff immediately informed all employees of the incident and asked them to power down computers to avoid the threat spreading.

Employees were ordered to turn off and unplug their computers from the network as soon as possible via the city hall’s public loudspeakers systems.

Every device was disconnected from the city’s networks, at the time the family of the ransomware that infected its systems was not revealed.

Now, additional information on the attack was shared in the media.

According to files uploaded to the VirusTotal scanning service, the ransomware involved in the City of New Orleans was likely the Ryuk Ransomware.

The day after the ransomware attack on the City of New Orleans, on December 14th, 2019, memory dumps of suspicious executables were uploaded to VirusTotal from an IP address from the USA.

“One of these memory dumps, which contained numerous references to New Orleans and Ryuk, was later found by Colin Cowie of Red Flare Security and shared with BleepingComputer.com.” reported BleepingComputer.

https://twitter.com/th3_protoCOL/status/1206072329782153217

The dump discovered by Cowie is associated with an executable named ‘yoletby.exe,’ it was containing references to the City of New Orleans including domain names, domain controllers, internal IP addresses, user names, file shares, The same dump contained references to the Ryuk ransomware, a circumstance that suggests that this family of malware was used in the attack of the City of New Orleans.

The expert noticed that the dump contained the HERMES file marker, file names ending with the .ryk extension, and references to the created RyukReadMe.html ransom notes.

Experts at BleepingComputer also found evidence that the Ryuk ransowmare was used in the attack against the City of New Orleans.

“Of particular interest in the v2.exe memory dump is a string that refers to the New Orleans City Hall.” continues BleepingComputer.

“After further digging around, BleepingComputer was able to find a v2.exe executable, and after executing it, was able to confirm that it was the Ryuk ransomware.”

Let’s wait for more details about the attack from the City of New Orleans.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – cybercrime, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]