1 min read

Indiana National Guard hit by ransomware


October 23, 2018

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Indiana National Guard hit by ransomware

The Indiana National Guard has posted a notice revealing it has fallen victim to a ransomware attack that compromised identifying information of its personnel.

An anonymous attacker, or group of attackers, reportedly infiltrated a “nonmilitary” server belonging to the National Guard, which contained “identifying information of its personnel,” according to a local publication.

The server contained information on civilian and military Guard members, the report says. An investigation into the breach has led state officials to believe the attack was not targeted.

“As a result of this action we are in the process of notifying personnel that may be affected, and that they should be alert for suspicious activity or fraudulent accounts being opened in their name,” the Guard said in a news release.

The ransomware strain used in the attack is not mentioned. However, a recent spike in ransomware attacks on US infrastructure has brought to light a new ransomware strain in the Troldesh/Crysis family that carries the “Gamma” moniker in its encryption extension. Gamma is essentially a sub-family of the larger Crysis ransomware family.

Analyzing the strain, Bitdefender researchers found Gamma leverages Remote Desktop Protocol (RDP) vulnerabilities and brute-force techniques (on endpoints with weak credentials). However, Troldesh/Crysis ransomware is typically deployed in large, targeted campaigns. If the Indiana State Police is correct about the attack not being targeted, the ransomware that infected the Guard”s systems likely was not a Crysis variant.




Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like