Ryuk Ransomware Hits City of Liège


Liege, the third biggest city in Belgium, was hit by a ransomware attack resulting in the disruption of the municipality’s IT network and online services. As a precautionary measure, IT staff shut down its network to avoid the malware from spreading. The Liège officials launched an investigation into the attack with the help of international security experts and are currently working to restore the operations. 

The officials also published a non-exhaustive list of services that have been affected. These include the bookings for town halls, birth registration, wedding, burial services, collection of passports, driving licenses, identity cards, and other important documents. Online forms for event permits and paid parking are also down. 

“The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences, in particular in terms of duration on the partial unavailability of its IT system. It is doing everything to restore the situation as soon as possible. Services to the public are currently heavily impacted,” reads the status page published by the city.

The city officials only reported the incident as a “computer attack”. However, two Belgian media outlets, a radio station, and a TV station claimed that the attack may have been conducted by a group using Ryuk ransomware. Recently, the National Cybersecurity Agency of France (ANSSI) identified a new variant of Ryuk. It possesses worm-like capabilities and can spend weeks or even months inside a victim’s network, conducting reconnaissance and quietly moving ransomware to important systems, often using standard Windows administration tools.

The attack against the Liege municipality is not a one-time attack. Threat actors often target local city networks because many cannot afford top-of-the-line security nor new IT gear, often running severely outdated servers and workstations with a small IT staff. The list of targeted municipalities includes the City of Tulsa, City of Saint John, Albany, Atlanta, Baltimore, Florence, Knoxville, Lafayette, New Orleans, and more. 

According to the latest report by Ransomware Task Force, in 2020 average ransom payments raised 170 percent year-on-year, and the total sum paid in ransom increased 310 percent. It is estimated that ransomware gangs collected at least $150 million in ransoms, with one victim paying $34 million to restore their systems