New evidence suggests that in the recent attack against the systems at the City of New Orleans was used the Ryuk ransomware.
Over the weekend, New Orleans officials announced in a press conference that the city was hit by a ransomware attack, the incident was discovered in the morning of December 13, 2019.
The IT staff immediately informed all employees of the incident and asked them to power down computers to avoid the threat spreading.
Employees were ordered to turn off and unplug their computers from the network as soon as possible via the city hall’s public loudspeakers systems.
Every device was disconnected from the city’s networks, at the time the family of the ransomware that infected its systems was not revealed.
Now, additional information on the attack was shared in the media.
According to files uploaded to the VirusTotal scanning service, the ransomware involved in the City of New Orleans was likely the Ryuk Ransomware.
The day after the ransomware attack on the City of New Orleans, on December 14th, 2019, memory dumps of suspicious
“One of these memory dumps, which contained numerous references to New Orleans and Ryuk, was later found by Colin Cowie of Red Flare Security and shared with BleepingComputer.com.” reported
The dump discovered by Cowie is associated with an executable named ‘
The expert noticed that the dump contained the HERMES file marker, file names ending with the
“Of particular interest in the v2.exe memory dump is a string that refers to the New Orleans City Hall.”
“After further digging around,
Let’s wait for more details about the attack from the City of New Orleans.
The post Ryuk Ransomware is suspected to be involved in the New Orleans cyberattack appeared first on Security Affairs.