Week 17 Cyberattack Digest 2019 – The Watertown Daily Times, Fort Bragg, Cleveland Hopkins International Airport and others
It is Monday again, and, as always, we have a new portion of cyber incidents for you in our week 17 cyber attack digest.
No morning paper last Sunday
by Watertown Daily Times – 29 April 2019
Sunday morning of The Watertown Daily Times readers was ruined as the printing and distribution of the Sunday newspaper was disrupted by a cyber attack.
Over the weekend, servers were targeted by hackers who spread a virus. The virus infected Johnson Newspaper Corp. servers that were used for internal sharing of content and used to produce newspapers in Watertown, Hudson and Massena. Luckily, the servers that host the newspaper website, subscriptions and email were not affected. The newspaper’s IT staff found out on Saturday afternoon that servers and computers had been affected by a malware virus encrypting files. According to Nate Nichols, company IT manager, the hack was not meant to gain any personal data. The virus with the calling card “Ryuk: Balance of the Shadow Universe” is the same one that crippled Tribune Publishing past December. It also crippled the data infrastructure of Stewart on April 13.
Cyber attack military exercise causing a blackout
by The Charlotte Observer – 25 April 2019
Fort Bragg in North Carolina reveals the Army post had a “blackout” that lasted over 12 hours on Wednesday night. The event was a part of a cyber attack military exercise that was absolutely surprising for tens of thousands of residents. The fort, which is also the world’s largest military post, cut off the electricity “to identify shortcomings in our infrastructure, operations and security.” “Fort Bragg has to train for any possible threats to the installation in order to remain mission capable. We understand the exercise conducted caused concern for many within our community and surrounding areas…For that, we apologize. However, we had to identify ways to keep #FortBragg mission capable,” a post on Fort Bragg’s Facebook page said.
Greenville recovering after ransomware
by SC Media – 26 April 2019
The city of Greenville, N.C is still recovering from the April 10 ransomware attack that had knocked the city offline. The government network had been locked up by the Robbinhood ransomware, also known has Hidden Tear. Greenville’s systems have not fully recovered yet. According to the officials, the incident began on April 10. It was also said that a ransom request had been received, but the city decided to investigate the situation first and brought in cybersecurity help from other municipalities.
Cleveland Hopkins International Airport suffers an attack
by SC Media – 25 April 2019
As a result of a ransomware attack, email, payroll and record-keeping systems at Cleveland Hopkins International Airport were affected this week. Also, the transportation facility’s information screens were darkened. As part of the attack, the malefactors may have also accessed airport employee payroll records with personal data. In a press release issued on April 22 by the city of Cleveland characterized the incident as “technical issues… impacting a small number of systems” that included email and airport departure, arrival and baggage information screens.
“All other systems are functioning as normal and there are no impacts to flights or safety and security operations,” the release said. The attack was initiated on Monday the 22nd; airport display screens were still impacted on Wednesday, April 24. The investigation held by FBI is still ongoing.