Indiana National Guard hit by ransomware

The Indiana National Guard has posted a notice revealing it has fallen victim to a ransomware attack that compromised identifying information of its personnel.

An anonymous attacker, or group of attackers, reportedly infiltrated a “nonmilitary” server belonging to the National Guard, which contained “identifying information of its personnel,” according to a local publication.

The server contained information on civilian and military Guard members, the report says. An investigation into the breach has led state officials to believe the attack was not targeted.

“As a result of this action we are in the process of notifying personnel that may be affected, and that they should be alert for suspicious activity or fraudulent accounts being opened in their name,” the Guard said in a news release.

The ransomware strain used in the attack is not mentioned. However, a recent spike in ransomware attacks on US infrastructure has brought to light a new ransomware strain in the Troldesh/Crysis family that carries the “Gamma” moniker in its encryption extension. Gamma is essentially a sub-family of the larger Crysis ransomware family.

Analyzing the strain, Bitdefender researchers found Gamma leverages Remote Desktop Protocol (RDP) vulnerabilities and brute-force techniques (on endpoints with weak credentials). However, Troldesh/Crysis ransomware is typically deployed in large, targeted campaigns. If the Indiana State Police is correct about the attack not being targeted, the ransomware that infected the Guard”s systems likely was not a Crysis variant.