Durham city, county governments hit by malware attack
Posted March 8, 2020 12:51 p.m. EDT
Updated March 8, 2020 9:37 p.m. EDT
Durham, N.C. — The City of Durham and Durham County governments were victims of a cyber ransomware attack, officials said Sunday.
In a joint statement, the city and county governments said each were notified of the malware attacks late Friday.
Both government’s information technology teams responded immediately, according to the statement.
An email sent Sunday to State Bureau of Investigation employees said a ransomware started by a Russian hacker group hit the city's systems. The randomware, called Ryuk, gets into networks when someone opens a malicious email attachment and then spreads across network servers.
"The end game is, they want to receive money to release these organizations from the way they have infiltrated the organization," said crime solutions expert Rob Goldfinger of BAE Systems Applied Intelligence.
He said these types of attacks on businesses and government agencies are becoming more prevalent.
James Reese, a cyber security expert at TigerSwan, said sensitive information could have been taken, especially if 911 services were targeted.
"Those dispatchers are pushing information," Reese said. "There could be names. There could be different activities that law enforcement are dealing with."
Christopher Travis, a Durham resident, said he was surprised by the widespread hacking.
"It caught my attention because you just don't hear about it," he said.
In the joint statement, the City of Durham said its IT staff is working to bring systems back online and is investigating the attack.
The city shut down phone systems to stop the attack, but IT staff members believe the phone system will be up and running by Monday. The city's public safety systems and agencies, including 911, are working.
The city's website is working, and residents can pay their water bills and submit Durham One Call service requests online.
The county's phone system and website are working, officials said, including 911.
In March 2019, Orange County officials said a ransomware virus led to a shutdown of the county's computer network. Once the cyber attack was detected, county IT staff disinfected more than 120 infected computers, officials said.
There's was no evidence that data was lost or stolen, but data shows attacks are becoming more common.