Cybersecurity researchers have declared that Stuart’s city hall ransomware cyberattack was most likely caused by a phishing email.
Malware analysis identified the ransomware as the well-known Ryuk. It managed to infect the city’s servers in minutes, which forced the local city authorities to disconnect from the network.
For those who don’t know, Ryuk ransomware is a very powerful and dangerous cyberthreat: once it encrypts your files, there’s no way to decrypt them.
For the moment, all internal email services are still unavailable, and because of that the city’s police and fire department personnel have gone back to paper and pencil. The good news is that other servers have been fully restored and all the data on both the police department’s and the fire department’s servers still exists. The city IT department restored the servers that operate payroll, utilities, budgeting, and other vital functions.
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
It is known for sure that this cyber attack was definitely not a “brute-force” attack, which means the hackers could not remotely access the servers. Because brute-force is out of the discussion, the only possibility here is that a regular desktop computer that doesn’t have outside connectivity got infected via a phishing email-type scam.
The process is a long and painful one, because cybersecurity experts found a computer that would re-infect itself almost instantly after it was cleaned, which is something new compared with Ryuk’s usual behavior.
This unfortunate cyber event went outside city limits, and the FBI stepped in as soon as a demand for an undisclosed amount of Bitcoin was made to decrypt the city’s servers.
The only statement from the federal government was short and lacking in detail:
“We are going to do what we can to try to pinpoint the cybercriminal which is behind the attack because it could be more than one group of people who are doing it.”
Officials say that the email servers will also receive an upgrade that will take longer than expected, but there are promises that, if there’s nothing wrong with the old server and old hardware, everything should go back online in a week or two.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.