The Syracuse City School District (SCSD) and Onondaga County Libraries, both in New York, were hit with Ryuk ransomware earlier this month.
On July 9, SCSD was hit by an attack that rendered its computer files and systems inoperable. On July 12, district officials announced that they had restored “some” back-end systems, including HR, payroll, and student management, but that they were still working on public-facing systems such as email.
SCSD also said that it had “no indication that any data was compromised but rather the attack froze the district from accessing our own systems.” The district also noted it has been working with both cybersecurity experts and law enforcement to restore systems that were still inoperable. WSYR, a local news outlet, reported that the “district has been unwilling to answer questions about how it is handling the attack” and will not confirm or deny whether it will pay a ransom to regain access to its systems.
Libraries across Onondaga County discovered July 12 that library systems were being held hostage by cybercriminals. Luckily for library users, Past Library Chair Ginny Biesiada said library officials do not believe that any library cards or other personal information are at risk. However, the Onondaga County Public Libraries’ website notes that “many library services continue to be unavailable.”
While it is unlikely any library card or other personal information is at risk, Biesiada said the ransomware attack continues to hold the library system hostage.
Unlike SCSD, an Onondaga County spokesperson said definitively that the county would not be paying a ransom should one be demanded. The spokesperson also said that the county doesn’t anticipate purchasing any new hardware or software as part of its recovery.
Ryuk should be a familiar name to anyone in the cybersecurity field. This specific strain of ransomware has already left a string of high-profile victims in its wake, including Albany, N.Y., Jackson County, Ga., and Tribune Publishing. According to McAfee, Ryuk appears to have been developed from a toolkit by a Russian operator. The ransomware strain hits high-value targets who can’t afford to be taken offline for large chunks of time. The name ‘Ryuk’ is fitting because it is taken from the Japanese manga character that “drops a death note,” and the ransomware leaves its targets ransom notes demanding hefty Bitcoin sums.