Cities and Healthcare Organisations Hit Hard by Ransomware Attacks

Recently, it seems that cybercriminals are targeting state and healthcare organisations with U.S. enterprises being the main target. Without proper safety measures, large systems can easily fall prey to online threats. During the last week, several cities and companies are coping with lasting effects of ransomware attacks.

Ransomware Crawls into Cleveland Airport’s Network

After Cleveland’s unfortunate episode, another American airport experienced a ransomware attack. Namely, the Louisville Regional Airport reported to the local news that its system was breached by malware. The organisation’s representative, Sara Brown, stated that management took immediate action to repel hackers. So far, it did not affect the airport’s operations nor was a ransom paid to cybercriminals.

The IT department knew anyone can become the victim of a ransom attack and were able to use backup files to restore the system. This shows the IT team are ahead of the criminals by simply backing up their dataEncrypted data sets created by the criminals were deleted immediately but did not produce lasting delays of flights and other operational activities. What helped Louisville Regional Airport the most was the system’s backup, which saved the organisation both time and money.

On the Airport’s website, there are no further details regarding the cyber incident. Similarly, information regarding hackers and ransomware type used for the attack remain unclear.

Hutchinson County Counts Losses after Ransomware Attack

When facing the ransomware crisis, most organisations have trouble restarting their systems. This is especially true for government-owned entities, as they have a large infrastructure and slow rate of response to threats. Hutchinson County faces similar issues, two weeks after the ransomware incident. Following the Ryuk attack, IT departments worked on infected computer systems. However, County did not manage to recover all important functions, according to the auditor Diane Murtha.

We’re back online with our software, but we have no Word or Excel,” said Murtha to the local news. On May 7th, ransomware infected Hutchinson’s Court and Department of Social Services computers while state servers remained virus-free. The attack took down most services, pushing employees to work manually. As a result, one of the servers “went fried,” with overall damages ranging between $14,000 and $18,000 in value.

At the same time, county management did not receive any ransom demands, according to Commission Chairman Steve Friesen. “We haven’t received messages from anyone wanting ‘ransom’ for our information,” Friesen said.  “We’ve had no request for anything. Whoever did it could have come from anywhere, from Russia or India. It’s hard to know the sender.”

To cut down losses, Hutchinson County contacted the insurance company to remedy these unexpected expenses. Additionally, there is no information on hackers’ identities or the reason why they targeted the local community. However, it is now certain that the county’s plans on new courthouse will face large obstacles.We were upgrading everything when we moved to the new courthouse,” Murtha said. ”Now, we just have to do it a few months earlier.”

Baltimore Ransomware: Growing Number of Issues

Baltimore city is not as lucky as the Hutchinson County by any means. According to the Fox News announcement, the city faced yet another hardship in the wake of a ransomware attack. Namely, to counter issues that came about after the system encryption by the malware, Baltimore’s representatives made new Gmail accounts to send and receive electronic messages.

A large number of new email accounts were made, prompting Google’s systems to mistakenly judge the move as spam. They were briefly taken down until Baltimore’s officials managed to solve the issue. Commenting on the situation, Google’s representatives stated that bulk creation prompted the automated response. “We have restored access to the Gmail accounts for the Baltimore city officials,” Google responded to Fox News.

Although the issue was resolved in the end, it seems that ransomware has far-reaching effects on the city. Since May 7th, Baltimore’s officials are scrambling for solutions, turning towards manual labour to offset growing problems. The real estate market was hit hard by the incident during the last week.

According to the Baltimore Sun, property transactions are finally being processed, moving the market forward. Even though the transaction system can function without servers, the final stages of file processing need to be done within an online environment. Nevertheless, Baltimore’s government decided against paying the $76,000 ransom demands in Bitcoin.

Shade Ransomware Moving towards the U.S.

It seems that U.S. businesses and local governments will not see the end of the ransomware attacks anytime soon. According to the Threat Post report, a ransomware known as Shade moved out of the Russian markets to target enterprises in the U.S. and Japan.

A researcher from Palo Alto Networks, Brad Duncan, stated that the malware left the ex-Soviet region to seek out vulnerable organisations in other countries. “Our research shows that the top five countries affected by Shade ransomware are not Russia or nations of the former Soviet Union. They are the United States, Japan, India, Thailand, and Canada,” said Duncan. “The top industries attacked in these countries were high-tech, wholesale and education.”

Using phishing emails, Shade creators would provide links towards malicious archives, mostly through a form of a bill that needs to be paid. Once users enter the online platform, a script-lead program would commence the encryption, locking out victims‘ computers. Then, hackers would demand ransom payments expressed in bitcoin to bypass future legal detection.

As to seek out more lucrative routes, Duncan stated that organisations based on U.S. soil are the most popular targets. “Results indicate that Shade ransomware is very active outside of Russia and possibly targeting more English-speaking victims than Russian,” he concluded.

Healthcare Businesses still Popular Ransomware Targets

Apart from state-controlled organisations, the healthcare industry continues to be a top choice for ransomware criminals.  New Jersey-based firm, ActivYouth Orthopedics, fell victim to malware on January 9th but released the official statement only recently, on May 20th. Staff members of the company noticed that one of the office computers was infected by a virus, with files quickly encrypted as the investigation went on, according to the local news.

With the help of backup files, patient’s information was quickly restored, while the company’s operations continued to function without major issues. At the same time, the firm’s owner, Dr. Ronald Snyder hired cybersecurity experts to investigate the cause of the incident and to locate hackers.

In the press release, the firm’s representatives stated that all patients have been notified of the attack. “As part of his practice’s ongoing commitment to the privacy and security of patient information, Dr. Snyder is working to review existing policies and procedures and to implement additional safeguards to further secure the information in his systems,” as stated in the press release.

The city of Laredo Hit by Ransomware

On May 23rd, Laredo City experienced a devastating ransomware attack which crippled its online operations. Staff members noticed that servers were not responsive in the early morning, forcing management to immediately contact law authorities. Laredo Co-interim city manager, Robert Eads stated that the affected server was immediately shut down. As to limit the malware’s movement, online payment systems went offline as well.

The internal investigations pinpointed the Docuware system as the main culprit, infiltrating the system through phishing emails. Furthermore, it seems that malware found its way into the city secretary’s computer, spreading throughout the network fairly quickly. To limit the damage, the IT department was forced to shut down other services while the FBI continues to investigate the origins of the ransomware.

Up to this point, the organisation is yet to release details regarding the ransomware type used in the attack. Additionally, it is unclear whether hackers demanded a ransom payment.

BestMixer Busted by European Authorities

Cryptocurrencies, bitcoin especially, are a popular method that hackers use to extract money from victims. Cybercriminals use platforms that offer private exchange services to cover their tracks. Often, the lack of evidence would draw out the investigation process long after the ransomware incident. However, Europol did manage to gather enough data to act in the case of The platform is a bitcoin mixing website that specialises in crypto laundering services.

According to the Europol announcement on May 22nd, authorities took down BestMixer due to the Bitcoin shuffling allegations. The Dutch Fiscal Information and Investigation Service (FIOD) performed the site closure, stating that BestMixer helped launder over $200 million worth of cryptocurrencies since May 2018. FIOD started investigations in June last year, gathering important information about the website, including “IP-addresses, transaction details, bitcoin addresses and chat messages.”

Mcafee representatives also took part by providing support for the investigation. Company’s representative John Fokker explained in a blog post the process of how hackers launder bitcoins. “BestMixer offered a very clear page on why someone should mix their cryptocurrency,” he said. “On this page, BestMixer described the current anti-money laundering policies and how its service could help evade these policies by making funds anonymous and untraceable.”

FIOD plans to further investigate the website’s activity as to provide support for other law enforcement groups around the globe. However, it seems unlikely that lost funds will ever find their way back to original owners since transactions remain untraceable outside of the Bitcoin network.

Ransomware Poses Serious Threat to MySQL Servers

Recently, Sophos released an announcement regarding the supposed ransomware attacks on Window’s MySQL lab environment. The malware used is known as GandCrab program and requires quite sophisticated coding to breach tech giant’s safety layers. Sophos blogger, Andrew Brandt stated that attack occurred recently, on May 19th. However, the complete report was published on May 24th, with details regarding the attack.

The first stage of the attack involved the attacker connecting to the database server and establishing that it was running MySQL,” Brandt said. “The honeypot emulates MySQL, so the rest of the attack went relatively smoothly.” After the initial entrance, hackers added commands to the code that would spread the malicious software within the MySQL server in the form of a DLL file.

Although the attack itself was limited due to the fact that it was a lab platform, Brandt mentioned that “had this attack taken place against an actual MySQL server, that machine would be encrypted by now and the owner of that server would be in some trouble.” Furthermore, the attacker’s IP address points Arizona as the location from where the attack commenced. So far, about 800 file downloads occurred, pointing out just how devastating attack could be on the actual MySQL server.

Northern Colorado Utility Refuses to Pay Ransom Demands

After a prolonged period of silence, Fort Collins-Loveland Water District and South Fort Collins Sanitation District decided to release details regarding the February’s ransomware attack. According to the statement, Interpol managed to locate necessary encryption code for the locked servers, releasing the system from hackers’ grasp. Files were locked for weeks while cybercriminals demanded ransom payments for the decryption code.

The malware took servers down, forcing management to change IT security firms due to the incident. The overall value of the demanded ransom remains unknown but the organisation did invest significant funds to restore systems. Expenses reached $100,000 in terms of the overall value necessary for the purchase of new hardware and software.

Chris Matkins, utility’s General Manager, said that the investment would allow Colorado’s utility organisation to “prevent, detect and recover more quickly from potential future attacks.” He added that “we [utility management] have to make sure we are not only taking care of the hardware and software but the people and the behaviour side.” Since the organisation does not store consumers’ vital information, the organisation decided against the public announcement until the situation was resolved.


In recent weeks it has become evident that law enforcement is slowly cracking down on websites that provide laundering services for hackers. Nevertheless, most organisations still suffer from the devastating effects of these cyberattacks. State-owned enterprises lack security measures that would identify phishing emails while backup of files is seldom found.

Thus, the case of ActivYouth Orthopedics can serve as a positive example of how file backup services can help organisations protect their online assets. BOBcloud offers cloud backup services that would provide a vitally important security measure at times when servers and files are encrypted by malicious programs.

Leave a Reply

Your email address will not be published. Required fields are marked *
The Old Sorting Office, Corsham, Wiltshire SN13 9AA
Tel: 0800 907 8238