On Monday, Georgia’s Judicial Council and Administrative Office of the Courts announced that hackers infected its systems with ransomware. Spokesman Bruce Shaw told the local media, “Our systems have been compromised, so we have quarantined our servers and shut off our network to the outside.”
Shaw didn’t detail the scope of the infection but did say the attackers hadn’t sent any demands. Furthermore, the agency reported it had contacted “external agencies” to get help in dealing with the cyber-attack.
While details are still emerging about the Georgia hack, preliminary reports indicate the attackers used Ryuk malware. Debuting in August 2018, Ryuk is a powerful piece of malware that encrypts a network’s files and resources. Analysts have found that the ransomware is particularly damaging because it deletes shadow copies of user information.
As such, 95 percent of Ryuk victims that don’t have external backups of their data have to either pay up or lose everything.
Because of its effectiveness, malicious operators collected $640,000 in ransom in the first round of Ryuk attacks. Cybersecurity experts found the hacking tool shares identical code with a strain of ransomware called Hermes. Analysts have determined that Hermes is a North Korean cyber weapon. As such, digital security officials believe Ryuk is also state-sanctioned malware.
However, Malwarebytes Labs theorizes the newer malware’s deployment pattern suggests opportunistic criminals are using it. Regardless of who is behind the attacks, Ryuk has proven its prowess as a highly effective cyber weapon.
Florida Ryuk Ransomware Attacks
Hackers have now used Ryuk in three municipal cyber-attacks in the last month. In late June, malicious operators infected the digital infrastructure of Florida small town Key Biscayne. As of this writing, the area’s officials haven’t decided how to respond to the attack.
In early June, hackers used Ryuk to hold the slightly larger Florida town of Lake City hostage. The malware devastated the area’s digital infrastructure by locking officials out of the municipal phone, email, and, data networks. Despite the advice of most cybersecurity experts and the Federal Bureau of Investigation, the town’s leadership decided to give into the criminals’ demands.
Through its association with the regional partnership group the Florida League of Cities, Lake City paid 42 Bitcoins ($460,000) to decrypt their systems. While the township’s insurance covered all but $10,000 of the ransom, the city manager terminated the area’s information technologies director.
It’s also worth noting the Florida city of Riviera Beach paid $600,000 in Bitcoins to resolve a June ransomware attack. Currently, the city’s officials haven’t said which malware hackers used to attack their systems.
Municipal Malware Attacks on the Rise
In May, cybersecurity firm Recorded Future reported there had been 21 public sector ransomware attacks in 2019. As there were only 53 such assaults in all of 2018, municipal ransomware infections have obviously become very popular this year.
Indeed, the founders of the ransomware marketplace Grand Crab announced they were shuttering their platform because they had made enough money. The malicious operators claimed they made more than $150 million a year selling hacking tools. The group also bragged that other criminals use their cyber weapons to extract more than $2 billion in ransom.
Given that an increasing number of municipalities are willing to shell out hundreds of thousands of dollars to avoid paying millions in digital infrastructure repairs, ransomware attacks will only increase in frequency.