Russian-linked Ryuk ransomware hits Durham, NC
The City of Durham, North Carolina, and the County of Durham are the latest victims of a ransomware attack, with services taken offline over the weekend as officials attempted to contain and fix the infection.
The attack vector is believed to have involved phishing. Local reports said the Ryuk ransomware was used in the attack. The attack was detected Friday night, and services were down for most of the weekend before being mostly restored by today.
“Fortunately, the City was prepared with notification systems in place that worked as planned, providing immediate notice to City IT staff that enabled a very quick response that minimized damage to operating systems,” statements on both the county and the city websites said. “The County also received notification late Friday of attacks on their networks, and responded immediately as well.”
Ryuk, initially linked to North Korea, is now believed to be linked to a Russian crime syndicate. The ransomware was most recently in the news when it was used in an attack against the U.S. Coast Guard in January and a Mexican petroleum company in November.
“The successful ransomware attack on the City of Durham is not a consequence of technical issue or negligence but, almost a classic problem with the weakest element in the cybersecurity chain — humans,” Aleksander Gorkowienko, managing consultant at the SecurityLabs division of telecommunications testing company Spirent Communications plc, told SiliconANGLE. “It is not a misconfigured firewall or broken intrusion detection system that led to the disaster, but a lack of awareness and understanding of modern cybersecurity risks by personnel.”
He noted that attackers are opportunistic and continuously search for methods that give them the highest probability of success with the lowest effort. “Here we have good evidence that old methods still work well,” he said. “The lesson for the future is that organizations should balance their efforts between investing in the newest technological security solutions and education of their personnel.”
The important thing, he added, is to have a contingency plan and never forget to make regular backups.
Photo: HangingCurve/Wikimedia Commons