Durham city and county identify malware virus, say no data stolen or breached
The city of Durham and Durham County have identified and contained the malware attack that hit them Friday.
“There was no indication any data has been stolen or tampered with,” said Greg Marrow, the county’s chief information officer, responding to concerns about the attack happening just a few days after the North Carolina primary.
City Manager Tom Bonfield said investigators are “confident no personally identifiable information was breached.”
The malware is called Ryuk, a “premier ransomware, malware type of virus” according to city chief information officer Kerry Goode. The ransomware known to attack local government entities normally gains access to a system and then demands large payments.
According to Durham County Manager Wendell Davis, the malware has collected $3 billion in ransoms in past attacks. The city and county said they have not received any ransom requests. Davis also said there is no indication that Durham was specifically targeted.
“These attempts are going on all over the county, all over the world,” he said.
The cyber attack originated from an email attachment, but neither the city nor the county have identified the exact employee or employees who opened it, or the departments they work in. They both also said no backup systems were infected, so restoration of all servers and computers has begun or can begin soon.
The city said there are approximately 1,000 contaminated work stations and 80 servers, including its business core server. It expects the business server to be back online within the next couple of hours, and the rest of the data center to be fully recovered in two days.
The county also had around 1,000 contaminated computers and 100 servers, but has not yet started the restoration process and expects to be finished with that in one to two weeks.
Goode said the city’s process of recovery involves clearing each device on the network, testing it on a separate network and then reconnecting it. The county has the same process.
Both the city and the county also said they have cyber security insurance and test their employees continually on cyber security knowledge.
“We are in very good hands,” said Wendy Jacobs, the chair of the Durham County Board of Commissioners.
This story was originally published March 9, 2020 at 5:03 PM.
