The city of New Orleans, Louisiana has suffered a ransomware attack, leading to the shutdown of the city’s servers and computers.
The Mayor of the city confirmed that the city had been hit by a ransomware attack, but that no ransom had been demanded at that point. The city’s Chief Information Officer said the attack was detected around 5 AM, when suspicious activity was noticed on the network. The city responded by shutting down various servers and systems while keeping emergency systems running.
Analysis of the infected files suggests the attack was carried out by the Ryuk ransomware threat actors. Memory dumps, snapshots of the memory an application is using, are commonly examined in cyber-attack investigations. Researchers found an executable named ‘yoletby.exe’ that contains various New Orleans references, such as domain names, IP addresses, names, user names and shared files.
The files found in the memory dump also carried the HERMES file marker, file names ending in the .ryk extension, and references to ‘RyukReadMe.html’ ransom notes. Researchers have also indicated a high probability that Emotet and TrickBot were present. Emotet is malware capable of spreading to multiple systems on a network, and TrickBot can be used to reach command-and-control (C&C) servers and install further malware on the target system.
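A quick triage sweep for the three Ryuk artifacts the report names (the .ryk extension, the HERMES file marker and the RyukReadMe.html note), written as an added example for this page rather than anything the city or the researchers used. The sample files it scans are constructed, and checking both the head and the tail of each file for the marker is an assumption, since the report does not say where in an encrypted file it sits.

```python
import tempfile
from collections import Counter
from pathlib import Path

# Artifacts named in the report. The report does not say where the HERMES marker sits
# inside an encrypted file, so both the head and the tail of each file are checked.
RYUK_EXTENSION = ".ryk"
HERMES_MARKER = b"HERMES"
RANSOM_NOTE_NAME = "RyukReadMe.html"

def _marker_in_file(path: Path, chunk: int = 1 << 20) -> bool:
    """Heuristic check of the first and last `chunk` bytes for the HERMES marker."""
    with path.open("rb") as fh:
        head = fh.read(chunk)
        fh.seek(max(path.stat().st_size - chunk, 0))
        return HERMES_MARKER in head or HERMES_MARKER in fh.read(chunk)

def scan_tree(root) -> dict:
    """Walk `root`; return {relative path: [indicators]} for every file that matches."""
    root, findings = Path(root), {}
    for path in (p for p in root.rglob("*") if p.is_file()):
        hits = []
        if path.name == RANSOM_NOTE_NAME:
            hits.append("ransom_note")
        if path.suffix.lower() == RYUK_EXTENSION:
            hits.append("ryk_extension")
        try:
            if _marker_in_file(path):
                hits.append("hermes_marker")
        except OSError:
            pass  # unreadable file: skip it rather than abort the sweep
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

def summarize(findings: dict) -> Counter:
    """Count matching files per indicator, the numbers a responder wants first."""
    return Counter(hit for hits in findings.values() for hit in hits)

def run_demo() -> tuple:
    """Scan a constructed sample tree in a temp dir; return (findings, counts)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "budget.xlsx.ryk").write_bytes(b"\x00" * 64 + HERMES_MARKER + b"\x01" * 256)
        (root / "minutes.docx.ryk").write_bytes(b"\xff" * 128)  # extension only, no marker
        (root / RANSOM_NOTE_NAME).write_text("<html>constructed placeholder note</html>")
        (root / "clean.txt").write_text("unaffected file")  # negative control
        findings = scan_tree(root)
        return findings, summarize(findings)
```

Pointing `scan_tree` at a file share or a mounted disk image gives a per-file list of which artifacts matched, and `summarize` gives the counts for a first situation report.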
Use NPAV and join us on a mission to secure the cyber world.