$2 Million Ransomware Attack on Monroe College

Delaware, USA – July 17, 2019 – New York City’s Monroe College has become a recent victim of a large-scale ransomware attack as a result of which the entire network of the educational institution was disabled. It is not known exactly which cybergang is behind this incident, but judging by the required gigantic ransom amount (170 bitcoins), this is one of the groups that attack government and enterprise-size companies: Ryuk, Sodinokibi, or IEncrypt. Unlike some cities, the administration of Monroe College does not intend to pay a ransom and promises to pay more attention to cybersecurity after recovering from backups. The students that take classes online suffered most of all as a result of the attack, but the College resolved this problem relatively quickly.

It also became known about another city that paid a large ransom to Ryuk gang for decrypting data. La Porte County, Indiana, paid $ 130,000 to attackers to restore network services. The security team responded quickly and was able to stop the rapid spread of infection so that the attackers managed to encrypt only about 7% of the systems on the network. Unfortunately, among these per cents, there were domain controllers and backup servers. The incident occurred on the eve of the resolution adopted by the US Conference of Mayors to no longer pay attackers for decrypting files.

As stated in Coveware report, in the second quarter of 2019, the average amount of ransom payment for decrypting files increased by 184%, mainly due to Ryuk and Sodinokibi ransomware attacking government and corporate networks. At the same time, the average payment from a government organization is almost 10 times more and is equal to $ 338,700. The public sector organizations are attracting more and more attackers’ attention, as they are relatively easy targets due to insufficient IT security funding, as well as due to information in the media about large ransom payments.

Content to detect Ryuk ransomware in a corporate network by Lee Archinal: https://tdm.socprime.com/tdm/info/2298/