City of Liège hit by ransomware, Ryuk suspected

City of Liège hit by ransomware, Ryuk suspected

Liège, the third largest city in Belgium, and a major educational hub, has been hit by a ransomware attack, disrupting its IT services and network.

According to its official website (pictures above):

The City of Liège is currently the victim of a large-scale targeted computer attack, obviously of a criminal nature.

The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences in particular in terms of duration on the partial unavailability of its computer systems. It is making every effort to restore the situation as soon as possible.

Services to the public are currently strongly impacted.

The website has also provided a non-exhaustive list of services that have been impacted. These include the collection of passports, driving licenses, identity cards and other important documents; the ordering of new documents; appointment services for marriage, nationalities, and others; and the availability of police support for administrative purposes.

Two Belgian media outlets, a radio station and TV station, claim that the attack may have been conducted by a group using Ryuk ransomware. As you may recall, the National Cybersecurity Agency of France (ANSSI) recently discovered Ryuk’s new worm-like capabilities. In big game attacks like this, attackers can spend weeks or even months inside a victim’s network, conducting reconnaissance and quietly moving ransomware to important systems, often using standard Windows administration tools. The recent modification to Ryuk are designed to help it make its way laterally within an affected network without help from a human operator. Yikes.

The attack on Liège is just the latest in a catalogue of ransomware attacks against cities, schools, hospitals, health services and other critical infrastructure that has been going on for years, and getting steadily worse. According to a recent report by the Ransomware Task Force, in 2020 average ransom payments increased 170 percent year-on-year, and the total sum paid in ransoms increased 310 percent.

Among its many recommendations, the task force called for greater government action and more international cooperation. Perhaps this latest attack will hasten the creation of that joint rapid response cybersecurity team the EU has been planning to create.

What will it take to stop ransomware?

There is no quick fix to stopping the ransomware epidemic. You can learn more about what it’s going to take to stop these attacks, and why we may have been focussing on the wrong things so far, by listening to our recent Lock and Code podcast, with our guest, cybersecurity luminary Brian Honan, and host David Ruiz.

You can also find us on Apple PodcastsSpotify, and Google Podcasts, plus whatever preferred podcast platform you use.