Delaware, USA – March 11, 2019 – Local government systems in Jackson County, Georgia, suffered an extensive ransomware attack that forced officials to pay a $400,000 ransom to regain access to their systems after all operations had been shut down. Local services had to carry on their day-to-day work on paper, since the ransomware hit not only computer systems and email services but also emergency services.
Evidence gathered during the investigation points to the Ryuk malware, which crept into the government's systems on March 1. The affected systems could not be restored from backups because, surprisingly, no backup data existed, which led the authorities and their cybersecurity consultants to negotiate with the attackers and pay the ransom in bitcoin.
Ryuk is distributed via spam campaigns preceded by credential collection and network mapping. The malware targets a range of businesses and disrupts their core operations, as it did with the printing and delivery services of Tribune Publishing in December 2018. First spotted by researchers in August 2018, Ryuk is becoming a rather lucrative ransomware family, having earned more than 400 bitcoins over the previous four months. You can spot traces of such attacks using the Ransomware Hunter rule pack: https://my.socprime.com/en/integrations/ransomware-hunter-arcsight
You can also detect Ryuk infections with Sigma rules available in the Threat Detection Marketplace: https://tdm.socprime.com/tdm/info/1379/