UPDATED 22:39 EDT / MARCH 09 2020

SECURITY

Russian-linked Ryuk ransomware hits Durham, NC

The City of Durham, North Carolina and the County of Durham are the latest victims of a ransomware attack, with services taken offline over the weekend as officials attempted to contain and fix the infection.

The attack vector is believed to have involved phishing. Local reports said the Ryuk ransomware was used in the attack. The attack was detected Friday night and services were down most of the weekend before being mostly restored by today.

“Fortunately, the City was prepared with notification systems in place that worked as planned, providing immediate notice to City IT staff that enabled a very quick response that minimized damage to operating systems,” statements on both the county and the city websites said. “The County also received notification late Friday of attacks on their networks, and responded immediately as well.”

Ryuk, initially linked to North Korea, is now believed to be linked to a Russian crime syndicate. The ransomware was most recently in the news when it was used in an attack against the U.S. Coast Guard in January and a Mexican petroleum company in November.

“The successful ransomware attack on the City of Durham is not a consequence of a technical issue or negligence but almost a classic problem with the weakest element in the cybersecurity chain — humans,” Aleksander Gorkowienko, managing consultant at the SecurityLabs division of telecommunications testing company Spirent Communications plc, told SiliconANGLE. “It is not a misconfigured firewall or broken intrusion detection system that led to the disaster, but a lack of awareness and understanding of modern cybersecurity risks by personnel.”

He noted that attackers are opportunistic and continuously search for methods that give them the highest probability of success with the lowest effort. “Here we have good evidence that old methods still work well,” he said. “The lesson for the future is that organizations should balance their efforts between investing in the newest technological security solutions and education of their personnel.”

The important thing, he added, is to have a contingency plan and never forget to make regular backups.

Photo: HangingCurve/Wikimedia Commons
