Go to listing page

Ryuk Ransomware Operators Target Port Lavaca City Hall

Ryuk Ransomware Operators Target Port Lavaca City Hall
  • The ransomware reportedly entered the city hall through the email system.
  • No information was stolen or compromised but the attackers came only to encrypt files and hold them for ransom.

A ransomware attack targeted the city of Port Lavaca, which already has racked up a near bill of $50,000 for the city.

What happened?

Ryuk ransomware is said to have attacked the Port Lavaca City Hall infecting its server and affecting citywide operations.

  • The city’s Mayor Jack Whitlow said that no data was compromised in the attack.
  • He stated that city officials were working out the servers impacted with the ransomware to get the servers up and running.
  • But most importantly, the attack has already cost nearly $50,000 to the city government.
  • Whitlow partially agreed to the fact that hacker began their negotiation with $200,000 as a ransom to decrypt the data.

The Mayor said, “We are getting most of our system up and running, but we are recovering some of that data right now.”

What was affected?

The ransomware entered city hall through the email system.

  • The attack took down the city’s billing systems and auto-pay systems, severely disrupting the service.
  • The malware also took down the local government’s server. It happened while IT officials were cleaning the system.

Water, sewer and the police department’s systems remained unaffected of the attack. “They come in and encrypt files,” said Whitlow. “It’s very, very fast.”

What now?

No information was stolen or compromised but the attackers came only to encrypt files and hold them for ransom. New servers, routers and computers are being purchased to replace the infected software. The process will take its time.

As per the Whitlow, Port Lavaca officials are not handling the ransom negotiations. They have left it to the FBI. “We’re going to be down for a little while,” Whitlow said. “It may take a while to get completely up to date.”

Whitlow said, he does not plan to fulfil the threat actor’s dream of getting a ransom, which, as he quote, started at about $200,000. He insisted the lost information will be manually entered into the system if needed.

Cyware Publisher

Publisher

Cyware