A third Florida local government has reported that it has been struck by ransomware. Key Biscayne joins Lake City as a victim of Ryuk, a form of ransomware first spotted in August of 2018. Ryuk was the final piece of what has been labeled the “Triple Threat’ attack, the other two threats being Emotet and Trickbot malware.
While the attack on Riviera Beach, Florida, revealed last week was similar—all three cases start with a city employee clicking on an attachment in email and unleashing malware—it’s not certain if that attack was also based on Ryuk.
Ryuk is targeted ransomware, originally linked to the North Korean “Lazarus” threat group, but now it appears to have been adopted by non-state criminal ransomware operators as well. It comes with a tailored ransom note that directs victims to contact the attacker via email. It has been known to lie dormant for up to a year before executing.