North Carolina City And County Shut Down After Ryuk Ransomware Attack – Expert Commentary

The City and County of Durham, North Carolina shut down their networks following a cyberattack involving the Ryuk ransomware. The city and county were victims of a phishing attack that led to the deployment of the ransomware on their systems.

Milo Jaimes, Director of sales
InfoSec Expert
March 12, 2020 10:18 am

For over a year now I have been trying to call mayors, city managers, city council, and warn them of ransomware and the increased intensity the attackers are leveling up to. I often am frustrated by the indifference and denial that most people have towards the threats facing their own city and lives of the community.
The reality is that we are facing a crisis in America with lack of funds and overwhelming amounts of vulnerability in the systems that most critical infrastructure is run on. Sewer. Water. Police. Fire. EMT.
Please do something and call Sollievo IT or someone and do a Cybersecurity check up.

Last edited 2 years ago by Milo Jaimes
Stuart Reed, UK Director
InfoSec Expert
March 11, 2020 11:54 am

The Ryuk ransomware has struck again but this time its victim has learned from the mistakes of the past. The same ransomware that allegedly caused the City of New Orleans to declare a state of emergency last year was quickly identified by Durham City and the County of Durham in North Carolina, which shut down their systems to prevent further spread. As well as containing the ransomware, it is significant that the local government bodies kept emergency services online.

While the response has been impressive, many computer systems still remain offline, no doubt causing disruption. There also remains the question of how a known ransomware managed a successful infiltration. Ryuk is executed through phishing emails, highlighting why it is so important that layers of security are implemented – from employee education through to network detection and response – when building a more robust security posture.

Last edited 2 years ago by Stuart Reed
Peter Goldstein, CTO and Co-founder
InfoSec Expert
March 11, 2020 11:42 am

Phishing is implicated in more than 90% of all cyberattacks, and it is the preferred vector used by the Ryuk ransomware that hit Durham City and the County of Durham computers and systems last week. One of the key ways governments can close the door against such attacks is to adopt industry best practices, including the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard, a vendor-neutral authentication technology that allows organizations to protect their emailing domains from being used in impersonation-based phishing. This is a highly effective approach in blocking ransomware, BEC and countless other attacks. In fact, the U.S. federal government has already made huge strides in adopting DMARC, thanks to a forward-thinking directive from the Department of Homeland Security in 2017. But many government agencies at the state and local level remain unprotected, and therefore will continue to be vulnerable to Ryuk and more.

Last edited 2 years ago by Peter Goldstein