Ransomware Attacks of 2019

Just as we did in 2018, we will accumulate a list of the publically known ransomware attacks that occur throughout this year.  We will do our best to keep this updated, but many hands make light work.  Feel free to drop comments below if you’re aware of an attack that we have missed.

January

  • Bridgeport Public Schools – Connecticut – Ransom demand was not disclosed, and it remains unknown if payment demands were met.
  • City of Del Rio – Texas – Ransom demand was not disclosed, and it remains unknown of the payment demands were met.
  • City of Sammamish – Washington – Ransom demand was not disclosed, and it remains unknown of the payment demands were met.
  • Salisbury Police Department – Maryland – Ransom demand was not disclosed, and it remains unclear if officials paid the ransom demands.
  • Southern Hills Eye Care – Iowa – Ransom demands were not disclosed, nor was any intentions to pay.

February 

  • Melbourne Heart Group – Australia – Ransom demand was not disclosed, but they did report to paying it.  Not all files were restored even after submitting payment to the hacker.
  • Madras University – India – The ransom demand was approximately $25k USD, but they did not report to paying it.  Instead, they restored their systems using backup files.
  • Florida ISP Network Tallahassee – Florida – The ISP reportedly paid the hackers $6,000 in an attempt to their networks.
  • Town of Colchester – Connecticut – The ransom demand was not disclosed.  It remains unclear if the town will pay the demands to restore their networks.
  • Park Rapids Public Schools – Minnesota – The ransom demands weren’t disclosed, but it does not appear they intend to pay.  Instead, they will restore using backup files.
  • Taos Municipal Schools District – New Mexico – Hackers demanded a $5,000 ransom payment.  The school opted not to pay.
  • Augustana College – Illinois – College officials declined to comment on ransom demands, and if they were paid.
  • Southeastern Council on Alcohol and Drug Dependence – Connecticut – The ransom demand was not disclosed, nor was information on whether or not SCADD paid to restore its networks.

March

  • Jackson County – Georgia – The initial ransom demand is unknown, but the county did pay the hackers $400,000 in an attempt to restore their networks.
  • Oberlin College – Ohio – The ransom demand was for 1 bitcoin, per student (approx. $3,800).  The number of ransoms paid is unclear.
  • Grinnell College – Iowa – The ransom demand was for 1 bitcoin, per student (approx. $3,800).  The number of ransoms paid is unclear.
  • Hamilton College – New York – The ransom demand was for 1 bitcoin, per student (approx. $3,800).  The number of ransoms paid is unclear.
  •  Sir John Colfox Academy – England – The ransom demands have not been disclosed, nor has the Academy’s intentions to pay.
  • City of Albany – New York – The ransom demands have not been disclosed, nor has the City’s intentions to pay.
  • Police Federation of the United Kingdom – UK – The ransom demands have not been disclosed, nor have the intentions to pay.
  • Orange County – North Carolina – Officials reported ransom demands have not been received.
  • Brookside Medical Center – Michigan – Hackers demanded a $6,500 ransom payment.  The facility opted not to pay and closed the facility instead.
  • Stratford City Hall – England – Ransom demands were not disclosed, nor was any intentions to pay.
  • Garfield County – Utah – Ransom demands were paid, although the amount is unknown.

April

  • Algoma Public Health – Canada – Ransom demands were not disclosed, nor was any intentions to pay.
  • Stone Mountain Park Association – Georgia – Ransom demands were not disclosed, nor was any intentions to pay.
  • City of Stuart – Florida – Ransom demands were not disclosed, but city officials claimed a payment will not be made.
  • Howard County – Indiana – Ransom demands were not disclosed, nor was any intentions to pay.
  • Imperial County – California – Ransom demands were not disclosed, nor was any intentions to pay.
  • Genessee County – Michigan – Ransom demands were not disclosed, however, officials reported they did not pay.
  • City of Greenville – North Carolina – Ransom demands were not disclosed, nor was any intentions to pay.
  • Sugar-Salem School District – Idaho – Ransom demands were not disclosed, nor was any intentions to pay.
  • Hopkins International Airport – Ohio – Ransom demands were not disclosed, nor was any intentions to pay.
  • Watertown Daily Times – New York – Ransom demands were not disclosed, nor was any intentions to pay.  Officials did state the IT department rebuilt the server, leading to the assumption the ransom demands were not paid.
  • Daviess County Library – Kentucky – Ransom demands were $40,000 although officials do not intend to pay. 
  • Telangana and Andhra Pradesh State – India – Ransom demands were not disclosed, nor was any intentions to pay.
  • Potter County – Texas – Ransom demands were not disclosed, but officials reported they will not be paying them. 
  • ResiDex Software – Massachusetts – Ransom demands were not disclosed, but officials reported they will not be paying them. 
  • Shingle Springs Health and Wellness Center – California – Ransom demands were not disclosed, but officials reported they will not be paying them. 
  • Father Bill’s and MainSprings Homeless Shelter – Massachusetts – Ransom demands were not disclosed, but officials did report they did not pay.
  • US Virgin Islands Police Department – St. Croix – Ransom demands were not disclosed. However, officials reported they are not paying the hackers and instead are working with the FBI to decrypt their data.
  • Talley Medical Surgical Eyecare Associates – Indiana – Ransom demands were not disclosed, nor was it mentioned if the facility paid the demands to restore their networks.
  • City of Lodi City – California – Hackers demanded a $400,000 ransom payment, which city officials did not pay. 

May

  • Wolters Kluwer – Netherlands – Ransom demands were not disclosed, nor was any intentions to pay.
  • City of Washington – Pennsylvania – Ransom demands were not disclosed, nor was any intentions to pay.
  • ConnectWise – EU – Ransom demands were not disclosed, nor was any intentions to pay.
  • Oklahoma City Public Schools – Oklahoma – Ransom demands were not disclosed, nor was any intentions to pay.
  • Louisville Regional Airport – Kentucky – Ransom demands were not disclosed, nor was any intentions to pay.
  • Hutchinson County – South Dakota – Claim they haven’t received ransom demands, and are working to restore their network internally.
  • City of Edcouch – Texas – Hackers demanded $40,000, and it is unknown if the demands were paid.
  • City of Laredo – Texas – Ransom demands were not disclosed, nor was any intentions to pay.
  • Luzerne County Courthouse – Pennsylvania – Ransom demands were not disclosed, nor was any intentions to pay.

June

  • Auburn Food Bank – Washington – Ransom demands were not disclosed; however, officials reported they would not be paying them. 
  • City of Lake City – Florida – Two weeks after the attack, city officials confirmed they paid a $460,000 ransom demand in bitcoin in an effort to restore their networks that remained down. 
  • NEO Urology – Ohio – The clinic paid the hackers $75,000 to restore its networks.
  • Estes Park Health – Colorado – The clinic paid their cyber security insurance deductible of $10,000 to pay the total ransom demands.  This amount was not disclosed. 
  • Olean Medical Group – New York – Ransom demands were not disclosed, but officials reported they did pay them. 
  • Seneca Nation Health Group – New York – Ransom demands were not disclosed, but officials reported they did pay them. 
  • City of Riveria Beach – Florida – Paid the ransom demands, totaling $600,000.
  • Marin Community Clinics – California – Paid the ransom demands; however, did not disclose an amount to the public.
  • Fayette County – Ohio – Ransom demands were not disclosed, but officials reported they did pay them. 
  • Village of Key Biscayne – Florida – Ransom demands were not disclosed, and officials will not comment on intentions to pay.
  • Grays Harbor Community Hospital – Washington – Ransom demands were not disclosed, and officials will not comment on intentions to pay.
  • Eurofins Scientific – U.K. – Ransom demands were met; however, there are no reports confirming the exact amount paid.
  • WMNF FM Radio – Florida – Ransom demands were not disclosed; although, officals did state no ransom was paid.
  • Pike Township – Indiana – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands.  
  • Grays Harbor Community Hospital – Washington – Hackers demanded a payment of $1M.  It is unclear if the medical facility will be paying the ransom amount. 
  • Harbor Medical Group – Washington – Hackers demanded a payment of $1M.  It is unclear if the medical facility will be paying the ransom amount. 

July 

  • Georgia Courts Agency – Ransom demands were not disclosed, and officials will not comment on intentions to pay.
  • Richmond Heights City Hall – Ransom demands were not disclosed, but officials reported they did not pay them. 
  • City of La Pointe – Indiana – Ransom demands were not disclosed, and city officials did not confirm if they will pay the demands.  However, they did state the city has a cyber insurance policy which will help restore systems.  
  • Humboldt State University KHSU Radio – California – Ransom demands were not disclosed, nor was it confirmed if officials will pay these demands to restore the station’s networks.
  • Monroe College – New York – Hackers demanded a ransom payment of $2M.  It is unclear if the college will pay those demands, or restore networks using backup files.
  • Daviess County Library – Kentucky – Ransom demands were not disclosed; although, officials did report they do not intend to pay. 
  • City of Collierville – Tennessee – Ransom demands were not disclosed, nor were intentions to pay.
  • Butler County Library – Pennsylvania – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands. 
  • Onondaga County Library – New York – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands. 
  • Lawrenceville Police Department – Georgia – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands. 
  • Henry County – Georgia – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands.  
  • Vigo County – Indiana – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands.  
  • Bilancione Dentistry – Florida – Hackers demanded a payment of $10,000; however, Dr. Bilancione stated he had no intention to pay those demands. 
  • Johannesburg Utility – South Africa – The ransom demands have not been disclosed, nor have the department’s intention to pay. 
  • Lincoln County Sheriff – North Carolina – The ransom demands have not been disclosed, nor have the department’s intention to pay. 
  • New Haven Public School – Connecticut – The ransom demands have not been disclosed, nor have the department’s intention to pay.  However, last fall when the school was hit with ransom, they paid a $2,000 ransom demand. 
  • Spring Hill Medical Center – Alabama – The ransom demands have not been disclosed, nor have the department’s intention to pay.
  • Department of Public Safety – Georgia – Officials stated they will not pay the ransom demands; however, they have yet to disclose what those ransom demands were. 
  • St. John’s Ambulance – England – The ransom demands have not been disclosed, nor have the organization’s intention to pay.
  • Park DuValle Community Health Center – Kentucky – Healthcare officials confirmed they paid the $70,000 ransom demands through a bitcoin payment.
  • Houston County Schools – Alabama – The ransom demands have not been disclosed, and school officials have not confirmed any intention to pay.
  • Sabine School District – Louisiana – The ransom demands have not been disclosed, and school officials have not confirmed any intention to pay.
  • Morehead Schoool District – Louisiana – The ransom demands have not been disclosed, and school officials have not confirmed any intention to pay.
  • Ouachita School District – Louisiana – The ransom demands have not been disclosed, and school officials have not confirmed any intention to pay.
  • Gadsden School District – New Mexico – The ransom demands have not been disclosed; however, school officials confirmed they have no intention to pay.
  • Broken Arrow Schools – Oklahoma – Ransom demands have not been disclosed, and school officials have yet to comment on their intentions to pay.
  • Lyons County Schools – Nevada – School officials they did not pay the ransom, but their cyber insurance did negotiate a payment with the hackers.  The amount was not disclosed. 
  • Eye Care Associates – Ohio – Ransom demands were not disclosed, nor was the facilities intentions to pay.
  • Rockville Centre School District – New York – Paid hackers $88,000 for the decryption key to restore their network. (School’s out of pocket costs were $10k to cover the insurance deductable. 
  • Moses Lake School District – Washington – The ransom demand amount was not released; however school officials did confirm they did not pay. 
  • City of New Bedford – Massachusetts – The ransom demand was $5.3M.  The city offered to pay $400,000.  The hackered denied the offer and did not rebuttle.  The city opted to restore internally.
  • Premier Family Medical – Utah – Officials are not releasing the ransom demands, nor if the facility opted to pay them. 

August 

  • Truman Medical Centers – Missouri – Ransom demands were not made public; however, officials did confirm a payment was made, but did not disclose the amount.
  • Camp Verde Unified School District – Arizona – The ransom demands were not made public, nor were the school’s intentions to pay.
  • Lincoln County Communications Center – North Carolina – The ransom demands were not made public, nor were the county’s intentions to pay.
  • Ohev Shalom Synagogue – Florida – Hackers demanded one bitcoin (approx. $10k), however, officials reported they will not be paying the demands.
  • Regis University – Colorado – Officials would not confim ransom demands or intentions to pay.
  • North Lamar Schools – Texas – Officials would not confim ransom demands or intentions to pay.
  • Lake County – Indiana – Officials would not confim ransom demands or intentions to pay.
  • Mineola Public Schools – New York – Officials would not confim ransom demands or intentions to pay.
  • New Kent County Public Schools – Virginia – Officials would not confim ransom demands or intentions to pay.
  • Nampa Idaho School District – Idaho – Officials would not confim ransom demands or intentions to pay.
  • Middleton School District – Connecticut – Officials would not confim ransom demands or intentions to pay.
  • Wolcott Public Schools – Connecticut – Officials would not confim ransom demands or intentions to pay.
  • Wallingford School District – Connecticut – Officials would not confim ransom demands or intentions to pay.

September 

  • Flagstaff School District – Arizona – The ransom demands were not disclosed, nor were any intentions to pay.
  • Souderton Area School District – Pennsylvania – School officials have not confirmed what the ransom demands were, or if the school will be paying them in an effort to restore their networks. 

4,664 total views, 12 views today

(Visited 1 times, 7 visits today)

7 thoughts on “Ransomware Attacks of 2019

  1. On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments… At this time, the evidence gathered indicates the attacks came from one single threat actor… Twenty-three entities have been confirmed as impacted.

  2. I was hit with gandcrab 5.2. Fortunately I found nomoreransom.org and labs.bitdefender.com and I had the few files I really needed backed up. So I waited until they came up with a cure. (Free, by the way) Unfortunately I still have no idea what I did to get it on my computer. I had pcmatic with supershield installed but I did something that let it get on my pc.

    • Hello Joe, if you have an idea of the date/time the infection took place, our support staff can look into your account history to determine how it infected your PC. If you’d like them to do this, please submit a ticket request at http://www.pcmatic.com/help

  3. I know for certain that several manufactures in northern Indiana have been hit. One of the manufacturers told me they were demanded $250,000. Another client hinted they were also told $250,000 for their files. Neither paid. I believe that tbe problems is for more widespread than what’s being reported and most manufacturers do not want the bad publicity to get out.

  4. We were attacked by the ransomware called RYUK. They demanded $250,000. It wiped out 25 PC’s and Server. Restored from backup and wiped all 25 PC’s. We were down for 4 days now still limping along while waiting to replace Server.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.