Ransomware Attacks of 2019

Just as we did in 2018, we will accumulate a list of the publicly known ransomware attacks that occur throughout this year.  We will do our best to keep this updated, but many hands make light work.  Feel free to drop comments below if you’re aware of an attack that we have missed.

January

  • Bridgeport Public Schools – Connecticut – Ransom demand was not disclosed, and it remains unknown if payment demands were met.
  • City of Del Rio – Texas – Ransom demand was not disclosed, and it remains unknown if the payment demands were met.
  • City of Sammamish – Washington – Ransom demand was not disclosed, and it remains unknown if the payment demands were met.
  • Salisbury Police Department – Maryland – Ransom demand was not disclosed, and it remains unclear if officials paid the ransom demands.
  • Southern Hills Eye Care – Iowa – Ransom demands were not disclosed, nor were any intentions to pay.

February 

  • Melbourne Heart Group – Australia – Ransom demand was not disclosed, but they did report paying it.  Not all files were restored even after submitting payment to the hacker.
  • Madras University – India – The ransom demand was approximately $25k USD, but they did not report paying it.  Instead, they restored their systems using backup files.
  • Florida ISP Network Tallahassee – Florida – The ISP reportedly paid the hackers $6,000 in an attempt to restore their networks.
  • Town of Colchester – Connecticut – The ransom demand was not disclosed.  It remains unclear if the town will pay the demands to restore their networks.
  • Park Rapids Public Schools – Minnesota – The ransom demands weren’t disclosed, but it does not appear they intend to pay.  Instead, they will restore using backup files.
  • Taos Municipal Schools District – New Mexico – Hackers demanded a $5,000 ransom payment.  The school opted not to pay.
  • Augustana College – Illinois – College officials declined to comment on ransom demands, and if they were paid.
  • Southeastern Council on Alcohol and Drug Dependence – Connecticut – The ransom demand was not disclosed, nor was information on whether or not SCADD paid to restore its networks.

March

  • Jackson County – Georgia – The initial ransom demand is unknown, but the county did pay the hackers $400,000 in an attempt to restore their networks.
  • Oberlin College – Ohio – The ransom demand was for 1 bitcoin, per student (approx. $3,800).  The number of ransoms paid is unclear.
  • Grinnell College – Iowa – The ransom demand was for 1 bitcoin, per student (approx. $3,800).  The number of ransoms paid is unclear.
  • Hamilton College – New York – The ransom demand was for 1 bitcoin, per student (approx. $3,800).  The number of ransoms paid is unclear.
  • Sir John Colfox Academy – England – The ransom demands have not been disclosed, nor have the Academy’s intentions to pay.
  • City of Albany – New York – The ransom demands have not been disclosed, nor have the City’s intentions to pay.
  • Police Federation of the United Kingdom – UK – The ransom demands have not been disclosed, nor have the intentions to pay.
  • Orange County – North Carolina – Officials reported ransom demands have not been received.
  • Brookside Medical Center – Michigan – Hackers demanded a $6,500 ransom payment.  The facility opted not to pay and closed the facility instead.
  • Stratford City Hall – England – Ransom demands were not disclosed, nor were any intentions to pay.
  • Garfield County – Utah – Ransom demands were paid, although the amount is unknown.

April

  • Algoma Public Health – Canada – Ransom demands were not disclosed, nor were any intentions to pay.
  • Stone Mountain Park Association – Georgia – Ransom demands were not disclosed, nor were any intentions to pay.
  • City of Stuart – Florida – Ransom demands were not disclosed, but city officials claimed a payment will not be made.
  • Howard County – Indiana – Ransom demands were not disclosed, nor were any intentions to pay.
  • Imperial County – California – Ransom demands were not disclosed, nor were any intentions to pay.
  • Genesee County – Michigan – Ransom demands were not disclosed; however, officials reported they did not pay.
  • City of Greenville – North Carolina – Ransom demands were not disclosed, nor were any intentions to pay.
  • Sugar-Salem School District – Idaho – Ransom demands were not disclosed, nor were any intentions to pay.
  • Hopkins International Airport – Ohio – Ransom demands were not disclosed, nor were any intentions to pay.
  • Watertown Daily Times – New York – Ransom demands were not disclosed, nor were any intentions to pay.  Officials did state the IT department rebuilt the server, leading to the assumption the ransom demands were not paid.
  • Daviess County Library – Kentucky – Ransom demands were $40,000 although officials do not intend to pay. 
  • Telangana and Andhra Pradesh State – India – Ransom demands were not disclosed, nor were any intentions to pay.
  • Potter County – Texas – Ransom demands were not disclosed, but officials reported they will not be paying them. 
  • ResiDex Software – Massachusetts – Ransom demands were not disclosed, but officials reported they will not be paying them. 
  • Shingle Springs Health and Wellness Center – California – Ransom demands were not disclosed, but officials reported they will not be paying them. 
  • Father Bill’s and MainSprings Homeless Shelter – Massachusetts – Ransom demands were not disclosed, but officials did report they did not pay.
  • US Virgin Islands Police Department – St. Croix – Ransom demands were not disclosed. However, officials reported they are not paying the hackers and instead are working with the FBI to decrypt their data.
  • Talley Medical Surgical Eyecare Associates – Indiana – Ransom demands were not disclosed, nor was it mentioned if the facility paid the demands to restore their networks.
  • City of Lodi – California – Hackers demanded a $400,000 ransom payment, which city officials did not pay.

May

  • Wolters Kluwer – Netherlands – Ransom demands were not disclosed, nor were any intentions to pay.
  • City of Washington – Pennsylvania – Ransom demands were not disclosed, nor were any intentions to pay.
  • ConnectWise – EU – Ransom demands were not disclosed, nor were any intentions to pay.
  • Oklahoma City Public Schools – Oklahoma – Ransom demands were not disclosed, nor were any intentions to pay.
  • Louisville Regional Airport – Kentucky – Ransom demands were not disclosed, nor were any intentions to pay.
  • Hutchinson County – South Dakota – Claim they haven’t received ransom demands, and are working to restore their network internally.
  • City of Edcouch – Texas – Hackers demanded $40,000, and it is unknown if the demands were paid.
  • City of Laredo – Texas – Ransom demands were not disclosed, nor were any intentions to pay.
  • Luzerne County Courthouse – Pennsylvania – Ransom demands were not disclosed, nor were any intentions to pay.

June

  • Auburn Food Bank – Washington – Ransom demands were not disclosed; however, officials reported they would not be paying them. 
  • City of Lake City – Florida – Two weeks after the attack, city officials confirmed they paid a $460,000 ransom demand in bitcoin in an effort to restore their networks that remained down. 
  • NEO Urology – Ohio – The clinic paid the hackers $75,000 to restore its networks.
  • Estes Park Health – Colorado – The clinic paid their cyber security insurance deductible of $10,000 to pay the total ransom demands.  This amount was not disclosed. 
  • Olean Medical Group – New York – Ransom demands were not disclosed, but officials reported they did pay them. 
  • Seneca Nation Health Group – New York – Ransom demands were not disclosed, but officials reported they did pay them. 
  • City of Riviera Beach – Florida – Paid the ransom demands, totaling $600,000.
  • Marin Community Clinics – California – Paid the ransom demands; however, did not disclose an amount to the public.
  • Fayette County – Ohio – Ransom demands were not disclosed, but officials reported they did pay them. 
  • Village of Key Biscayne – Florida – Ransom demands were not disclosed, and officials will not comment on intentions to pay.
  • Grays Harbor Community Hospital – Washington – Ransom demands were not disclosed, and officials will not comment on intentions to pay.
  • Eurofins Scientific – U.K. – Ransom demands were met; however, there are no reports confirming the exact amount paid.
  • WMNF FM Radio – Florida – Ransom demands were not disclosed, although officials did state no ransom was paid.
  • Pike Township – Indiana – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands.  
  • Grays Harbor Community Hospital – Washington – Hackers demanded a payment of $1M.  It is unclear if the medical facility will be paying the ransom amount. 
  • Harbor Medical Group – Washington – Hackers demanded a payment of $1M.  It is unclear if the medical facility will be paying the ransom amount. 
  • Floyd County Courts – Georgia – Ransom demands were not disclosed, however the county opted to restore its systems themselves.  Unfortunately, six months of data was lost.

July 

  • Georgia Courts Agency – Ransom demands were not disclosed, and officials will not comment on intentions to pay.
  • Richmond Heights City Hall – Ransom demands were not disclosed, but officials reported they did not pay them. 
  • City of La Pointe – Indiana – Ransom demands were not disclosed, and city officials did not confirm if they will pay the demands.  However, they did state the city has a cyber insurance policy which will help restore systems.  
  • Humboldt State University KHSU Radio – California – Ransom demands were not disclosed, nor was it confirmed if officials will pay these demands to restore the station’s networks.
  • Monroe College – New York – Hackers demanded a ransom payment of $2M.  It is unclear if the college will pay those demands, or restore networks using backup files.
  • Daviess County Library – Kentucky – Ransom demands were not disclosed; although, officials did report they do not intend to pay. 
  • City of Collierville – Tennessee – Ransom demands were not disclosed, nor were intentions to pay.
  • Butler County Library – Pennsylvania – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands. 
  • Onondaga County Library – New York – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands. 
  • Lawrenceville Police Department – Georgia – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands. 
  • Henry County – Georgia – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands.  
  • Vigo County – Indiana – Ransom demands were not disclosed, nor did officials confirm if they intended to pay ransom demands.  
  • Bilancione Dentistry – Florida – Hackers demanded a payment of $10,000; however, Dr. Bilancione stated he had no intention to pay those demands. 
  • Johannesburg Utility – South Africa – The ransom demands have not been disclosed, nor has the department’s intention to pay.
  • Lincoln County Sheriff – North Carolina – The ransom demands have not been disclosed, nor has the department’s intention to pay.
  • New Haven Public School – Connecticut – The ransom demands have not been disclosed, nor has the department’s intention to pay.  However, last fall when the school was hit with ransom, they paid a $2,000 ransom demand.
  • Spring Hill Medical Center – Alabama – The ransom demands have not been disclosed, nor has the department’s intention to pay.
  • Department of Public Safety – Georgia – Officials stated they will not pay the ransom demands; however, they have yet to disclose what those ransom demands were. 
  • St. John’s Ambulance – England – The ransom demands have not been disclosed, nor has the organization’s intention to pay.
  • Park DuValle Community Health Center – Kentucky – Healthcare officials confirmed they paid the $70,000 ransom demands through a bitcoin payment.
  • Houston County Schools – Alabama – The ransom demands have not been disclosed, and school officials have not confirmed any intention to pay.
  • Sabine School District – Louisiana – The ransom demands have not been disclosed, and school officials have not confirmed any intention to pay.
  • Morehead School District – Louisiana – The ransom demands have not been disclosed, and school officials have not confirmed any intention to pay.
  • Ouachita School District – Louisiana – The ransom demands have not been disclosed, and school officials have not confirmed any intention to pay.
  • Gadsden School District – New Mexico – The ransom demands have not been disclosed; however, school officials confirmed they have no intention to pay.
  • Broken Arrow Schools – Oklahoma – Ransom demands have not been disclosed, and school officials have yet to comment on their intentions to pay.
  • Lyons County Schools – Nevada – School officials stated they did not pay the ransom, but their cyber insurance did negotiate a payment with the hackers.  The amount was not disclosed.
  • Eye Care Associates – Ohio – Ransom demands were not disclosed, nor were the facility’s intentions to pay.
  • Rockville Centre School District – New York – Paid hackers $88,000 for the decryption key to restore their network.  (School’s out-of-pocket costs were $10k to cover the insurance deductible.)
  • Moses Lake School District – Washington – The ransom demand amount was not released; however school officials did confirm they did not pay. 
  • City of New Bedford – Massachusetts – The ransom demand was $5.3M.  The city offered to pay $400,000.  The hackers rejected the offer and did not make a counteroffer.  The city opted to restore internally.
  • Premier Family Medical – Utah – Officials are not releasing the ransom demands, nor if the facility opted to pay them. 
  • Berry Family Services – Texas – Officials confirmed paying the ransom demands, but did not disclose the amount.

August 

  • Truman Medical Centers – Missouri – Ransom demands were not made public; however, officials did confirm a payment was made, but did not disclose the amount.
  • Camp Verde Unified School District – Arizona – The ransom demands were not made public, nor were the school’s intentions to pay.
  • Lincoln County Communications Center – North Carolina – The ransom demands were not made public, nor were the county’s intentions to pay.
  • Ohev Shalom Synagogue – Florida – Hackers demanded one bitcoin (approx. $10k), however, officials reported they will not be paying the demands.
  • Regis University – Colorado – Officials would not confirm ransom demands or intentions to pay.
  • North Lamar Schools – Texas – Officials would not confirm ransom demands or intentions to pay.
  • Lake County – Indiana – Officials would not confirm ransom demands or intentions to pay.
  • Mineola Public Schools – New York – Officials would not confirm ransom demands or intentions to pay.
  • New Kent County Public Schools – Virginia – Officials would not confirm ransom demands or intentions to pay.
  • Nampa Idaho School District – Idaho – Officials would not confirm ransom demands or intentions to pay.
  • Middleton School District – Connecticut – Officials would not confirm ransom demands or intentions to pay.
  • Wolcott Public Schools – Connecticut – Officials would not confirm ransom demands or intentions to pay.
  • Wallingford School District – Connecticut – Officials would not confirm ransom demands or intentions to pay.
  • CHI Health – Nebraska – Officials would not confirm ransom demands or intentions to pay.

September 

  • Flagstaff School District – Arizona – The ransom demands were not disclosed, nor were any intentions to pay.
  • Souderton Area School District – Pennsylvania – School officials have not confirmed what the ransom demands were, or if the school will be paying them in an effort to restore their networks. 
  • City of Robstown – Texas – The ransom demands are not known, but city officials stated they will not be paying the ransom demands.  
  • Travis County Appraisal District – Texas – The ransom demands are not known, but officials stated they will not be paying the ransom demands.  
  • Wakulla County School District – Florida – The school board has agreed to negotiate a payment with the hackers.  The amount is not disclosed.
  • Rockwall ISD – Texas – Officials are not confirming the total ransom demands or if those demands will be met in an attempt to restore their networks.
  • Campbell County Health – Wyoming – Officials are not confirming the total ransom demands or if those demands will be met in an attempt to restore their networks.
  • Houston County Schools – Georgia – The ransom demands were not released; however, school officials did confirm they had backup systems in place and were able to restore their networks without paying the ransom.
  • Wood Ranch Medical – California – Officials confirmed the data loss was too great, and will be closing operations indefinitely in December 2019.
  • Ava School District – The ransom demands were not made public; however, school officials reported they were restoring their networks using backups. 
  • Smyth County Schools – Virginia – Officials stated they have been asked to “pay big dollars” to restore their networks.  However, they plan to use the backup files instead to restore their network.
  • Jasper County – South Carolina – Officials are not confirming the total ransom demands or if those demands will be met in an attempt to restore their networks.
  • Southeastern Minnesota Oral & Maxillofacial Surgery – Minnesota – Officials are not confirming the total ransom demands or if those demands will be met in an attempt to restore their networks.

October

  • North Carolina State Bar – North Carolina – Officials are not confirming the total ransom demands or if those demands will be met in an attempt to restore their networks.
  • DCH Regional Medical Center – Alabama – Officials have confirmed the ransom demands were met; however, the amount is not being disclosed.
  • Northport Medical Center – Alabama – Officials have confirmed the ransom demands were met; however, the amount is not being disclosed.
  • Fayette Medical Center – Alabama – Officials have confirmed the ransom demands were met; however, the amount is not being disclosed.
  • Cherry Hill School District – New Jersey – Officials haven’t released the ransom demand amount, or if the school will be paying in an attempt to restore their networks. 
  • City of Cornelia – Georgia – The city was able to restore its networks using their backup files. 
  • San Bernardino City Unified School District – California – Officials haven’t released the ransom demand amount, or if the school will be paying in an attempt to restore their networks. 

November 

  • Denver Public Library – Colorado – Officials did not report the ransom demands, or if they were met.  
  • Lincoln School District – Mississippi – Officials did not report the ransom demands, or if they were met.  
  • Wood County Schools – West Virginia – Officials are not releasing the ransom demands.  However, they did confirm they were in the midst of rebuilding their systems. 
  • State of Louisiana – Louisiana – Officials reported they did not pay the ransom demands; however, they did not disclose what those demands were.
  • Chicopee School District – Massachusetts – School officials are not reporting the ransom demands or if they were paid in an attempt to restore their networks.
  • Livingston Public Schools – New Jersey – School officials have not reported what the ransom demands were, or if they were met in an effort to expedite remediation efforts. 

December 

  • Sycamore School District 427 – Illinois – School could not be reached for comment.  Ransom demands are unknown, as well as if the ransom was paid.
  • Town of East Greenwich – Rhode Island – Officials confirmed they were able to use their backup data to restore their networks.  The ransom demands were not disclosed.


9 thoughts on “Ransomware Attacks of 2019”

  1. Our 2 servers were infected with HARMA in October 2019. Had to wipe all drives, reinstall OS and restore from our backups. We’re down for one week. The ransomware came in via RDP port, 3389, which is now blocked. We had PC Matic SS installed.

    Oct 2016 our two servers and two clients were infected with ransomware ODIN. This ransomware was brought in via an attachment that was opened on one client. It spread fast before we could shut down all systems or pull LAN cables. We restored via our backup drives. Took one month to clean up and restore. We had PC Matic SS installed.

  2. My advice is to not click on anything you do not know. If something comes to your computer that you cannot shut down, then immediately shut down your computer, pull the plug or do whatever it takes to shut it down. If it is a laptop or similar device, pull the battery also.
    This has been my best defense since I learned the hard way and destroyed my computer.

  3. On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments… At this time, the evidence gathered indicates the attacks came from one single threat actor… Twenty-three entities have been confirmed as impacted.

  4. I was hit with gandcrab 5.2. Fortunately I found nomoreransom.org and labs.bitdefender.com and I had the few files I really needed backed up. So I waited until they came up with a cure. (Free, by the way) Unfortunately I still have no idea what I did to get it on my computer. I had pcmatic with supershield installed but I did something that let it get on my pc.

    • Hello Joe, if you have an idea of the date/time the infection took place, our support staff can look into your account history to determine how it infected your PC. If you’d like them to do this, please submit a ticket request at http://www.pcmatic.com/help

  5. I know for certain that several manufacturers in northern Indiana have been hit. One of the manufacturers told me they were demanded $250,000. Another client hinted they were also told $250,000 for their files. Neither paid. I believe that the problem is far more widespread than what’s being reported and most manufacturers do not want the bad publicity to get out.

  6. We were attacked by the ransomware called RYUK. They demanded $250,000. It wiped out 25 PC’s and Server. Restored from backup and wiped all 25 PC’s. We were down for 4 days now still limping along while waiting to replace Server.
