Municipalities took a beating this week, with at least four reporting that they were either shut down by a new ransomware attack or struggling to recover from an older incident.
Augusta, Maine; Imperial County, Calif.; Stuart, Fla.; and Greenville, N.C. were all in different stages of recovering from ransomware attacks over the last seven days.
Augusta City Center operations were shuttered after being hit with malware on April 18, according to the Sun-Journal. The city’s IT department did not say ransomware was to blame, but the description of what took place has all the hallmarks of a ransomware attack. The city said the malware gained entry into its network in an unknown fashion and then methodically locked up endpoints and servers. The attack has affected the police dispatch system, the municipal financial systems, billing, automobile excise tax records, assessor’s records and general assistance.
No information is believed to have been removed.
Imperial County and Stuart were hit earlier in the week with Ryuk ransomware, with each receiving a ransom demand, according to local news reports. Imperial’s network has been offline for five days since the attack and Stuart’s since April 13. The Los Angeles Times reported the county received a ransom note from the attackers, but was unable to obtain additional information from county officials. County workers are using their personal email accounts along with Facebook to communicate with residents.
Stuart is reportedly also working to restore its systems. Police communications were not affected and the city manager said payment card information is not stored, so it is not at risk. Stuart City Manager David Dyess told TCPalm an IT worker found the Trickbot dropper in the network while installing a new server. Trickbot is a dropper normally used to install malware at financial institutions, but lately it has been used for other types of attacks, including ransomware, according to the Multi-State Information Sharing and Analysis Center (MS-ISAC). In this case, it dropped Ryuk.
Greenville, N.C. is still dealing with the aftereffects of an April 10 ransomware attack. Reflector.com said the city is now relying on paper forms while its IT department rebuilds. The city hopes to have emergency services back online first, followed by financial services.