Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Stuart City is the new victim of the Ryuk Ransomware

Another city fell victim of a malware attack, systems at the city of Stuart, Fla., were infected by the Ryuk ransomware on April 13, 2018. Law enforcement is investigating a ransomware attack that hit the City of Stuart on April 13, 2018. The Ryuk malware infected several servers and forced them offline. “City officials on […]

Stuart city

Another city fell victim of a malware attack, systems at the city of Stuart, Fla., were infected by the Ryuk ransomware on April 13, 2018.

Law enforcement is investigating a ransomware attack that hit the City of Stuart on April 13, 2018. The Ryuk malware infected several servers and forced them offline.

“City officials on Wednesday confirmed a computer virus that infected servers over the weekend was the result of a ransomware attack.” reported the website TCPalm.

“The virus detected Saturday froze up the city’s servers and they are still offline, said Stuart City manager David Dyess.”

According to officials, the ransomware attack targeting the city of Stuart started with a phishing email, the infection was discovered by an IT employee who was setting up a new server.

City manager David Dyess confirmed that the city systems were infected with a strain of the Ryuk ransomware, but he did not disclose the Bitcoin ransom demanded by crooks.

“They discovered we had two things going on: We had what’s called a trickbot, which is basically a malware type of regular virus which can lead to other more serious issues,” Dyess said. “We also had the Ryuk virus that is an encryptor virus, where it encrypts your files and specifically likes to target your servers.”

Stuart city

At the time of writing, Dyess confirmed that experts are investigating to determine the way the attackers exploited to infect the systems.

IT staff at Stuart city has restored servers, payroll, utilities, and budgeting, only city employees still don’t have access to their email accounts.

Stuart’s police and fire departments are still offline, Dyess believe that overall services should be fully restored within the next week.

Early March, another city was hit by the same ransomware, computers of Jackson County, Georgia, were infected with Ryuk that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files.

Unlike the Jackson County, Stuart City refused to pay the ransom.

“We are not negotiating with them. We are in the process of trying to rebuild our systems,” Dyess said. “We also began scanning every server in the city and every (personal computer) and every laptop in every department to eliminate any viruses on those outer machines.”

Dyess confirmed that the impact was limited thanks to the availability of city’s computer backup system.

“If we wouldn’t have had these viable backups, we would probably be in a situation where we had to move into negotiations,” he said. “But with those backups in place, why would we negotiate?”

The Ryuk ransomware appears connected to Hermes malware that was associated with the notorious Lazarus APT group.

The same ransomware was recently used in an attack that affected the newspaper distribution for large major newspapers, including the Wall Street Journal, the New York Times, and the Los Angeles Times.

Further investigation on the malware allowed the experts from security firms FireEye and CrowdStriketo discover that threat actors behind the 
Ryuk ransomware are working with another cybercrime gang to gain access to target networks. They are collaborating with threat actors behind TrickBot, a malware that once infected a system creates a reverse shell back to the attackers allowing them to break into the network.

Experts at Crowdstrike believe the Ryuk ransomware is operated by a crime gang they tracked as GRIM SPIDER, in particular by its Russian based cell dubbed WIZARD SPIDER that is behind TrickBot.

Experts pointed out that Hermes was available for sale into the online underground community, attackers could have purchased it to create their own version of Ryuk.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Ryuk ransomware, Stuart city)

[adrotate banner=”5″]

[adrotate banner=”13″]