Ransomware Attack Hits North Carolina City, County Governments

Both the city and county of Durham were struck simultaneously late Friday, but pre-existing response plans allowed government officials to save their systems from a more catastrophic result, officials said.

Hackers of "Russian" origin targeted the city and county governments of Durham, N.C., over the weekend, hampering computer and communications networks with ransomware, according to local officials.

The attack, which used the infamous Ryuk malware strain typically spread through malicious attachments in phishing emails, was carried out late Friday by a Russian hacking group, according to the North Carolina State Bureau of Investigation, one of the agencies looking into the attack.

On the heels of a year with a precipitous rise in ransomware attacks on state and local government, the incident is one of several to occur in the first few months of 2020 that show the trend does not seem to be slowing. 

City and county officials confirmed during a joint press conference Monday that the malware appears to have spread after internal employees clicked on infected emails.

Kerry Goode, the city's CIO, explained how Durham's pre-existing cybercontingency plan, which involved bringing together stakeholders like professionals from the North Carolina Department of Information Technology (DIT), MS-ISAC, and the state's cyber response team, helped curb the infection.

Meanwhile Greg Marrow, county CIO, reported similar response and investigation steps that the regional government was taking to assess and recover from the incident.

Around 1,000 of the county's computers would have to be re-imaged, a routine cyberhygiene process in which infected devices have software removed and re-installed. Meanwhile, some 100 servers from the county's data center would also have to be rebuilt "from scratch," he said.

However, neither the city's nor the county's data backups were compromised by the attack, and no personally identifiable data was accessed by the hackers, officials said.

Officials also shared that risk awareness training, the kind that would dissuade employees from clicking on a phishing email, is routinely encouraged and deployed. 

The idea that both governments were purposefully targeted in some way or that the attack had something to do with it being an election year was brushed off. 

"These attempts are going on all over the country, all over the world. This particular virus is prolific," said Durham City Manager Tom Bonfield, referring to the indiscriminate "shotgun"-style approach in which opportunistic hackers typically operate. "We just happened to have had the misfortune of [having] this happen simultaneously." 

Lucas Ropek is a former staff writer for Government Technology.