[BreachExchange] Greenville in recovery phase from Robbinhood ransomware attack

Destry Winant destry at riskbasedsecurity.com
Mon Apr 29 01:37:47 EDT 2019


https://www.scmagazine.com/home/security-news/ransomware/greenville-in-recovery-phase-from-robbinhood-ransomware-attack/

The city of Greenville, N.C., said it is recovering from the April 10
ransomware attack that had effectively knocked the city offline,
without having to resort to paying the ransom demand.

City officials told WCTI12 the government network had been locked up
by the relatively new Robbinhood ransomware, also known has Hidden
Tear. There is a removal process for Robbinhood, which is normally
injected into a target via a phishing attack, or sometimes with a
browser hijacker, although it was not made clear how the city is going
about deleting the ransomware.

Greenville’s systems are not fully back online and city officials do
not have a completion date for the process.

In a Facebook post at the time of the attack city, officials said the
incident began on April 10. Citing a Greenvile official,
TheReflector.com reported that a ransom request had been received, but
the city brought in cybersecurity help from other municipalities and
was prepared to go a couple of days without computer support in order
to investigate the situation.


More information about the BreachExchange mailing list