Cyberattacks Update: Ransomware Strikes Durant and Governments

Edward Zhou

CEO & Founder

 
July 16, 2025 3 min read

Durant Updates Residents on June Ransomware Attack

The City of Durant experienced a ransomware attack on June 1, which compromised sensitive information including names, addresses, Social Security numbers, and financial data from individuals who had interacted with the city. Following the attack, the city began collaborating with law enforcement and cybersecurity experts to manage the situation. Outside forensic and IT specialists were engaged to investigate the breach, and the investigation is still ongoing.

Residents are advised to monitor their accounts for suspicious activity and consider placing a fraud alert on their credit reports. The city has reported that some services, including digital and credit card payments, have been affected by this incident.

For more information, see the KXII news report.


Cyberattacks Impacting Governments

In the past week, government systems in Ohio, Oklahoma, and Puerto Rico have faced significant cyberattacks. In particular, the city of Durant reported severe disruptions to services as a result of ransomware, causing issues with digital and credit card payments. Officials are working with law enforcement to restore operations. Emergency services, including 911, remain operational, but communication delays are expected due to network outages.

Durant is not alone; other municipalities, such as Lorain County, Ohio, have also experienced cyber incidents leading to operational disruptions. For more details, visit the full report from The Record and check ongoing updates from local news outlets.


Ransomware Group Incransom Targets Durant City

On June 17, 2025, Durant City became a target of a ransomware group known as Incransom, which has reportedly compromised over 800 GB of sensitive data. The attack not only highlights the vulnerabilities within municipal cybersecurity frameworks but also raises alarms about the potential exposure of critical personal information, including passport data and contact details of residents.

The city's management is under scrutiny for its handling of the situation, as the group has threatened to release the data unless its demands are met. The incident underscores the urgent need for robust cybersecurity measures to prevent such breaches. For more information, see the incident report from HookPhish.


Google Warns About Vishing Attacks Targeting Salesforce Users

Google has issued a warning regarding a threat group (UNC6040) that is targeting Salesforce customers through voice phishing (vishing) and data extortion campaigns. This group impersonates IT support staff to gain unauthorized access to sensitive data. The attack highlights the increasing trend of cybercriminals targeting IT roles to facilitate breaches without exploiting platform vulnerabilities.

Organizations should be aware of such social engineering tactics and enhance their security protocols. For additional insights, read more from SecurityWeek.

CrowdStrike Under Investigation Following Major Software Bug

CrowdStrike is currently cooperating with federal authorities regarding a significant software bug that occurred last July, which disrupted millions of computers. The company's recent SEC filing disclosed that the Justice Department and SEC are investigating the incident, raising concerns about revenue recognition practices and annual recurring revenue reporting.

Organizations relying on CrowdStrike's services should stay informed about the developments. For further details, refer to the Wall Street Journal.

Demand for Cybersecurity Professionals Rising

With the surge in cyber threats, particularly driven by AI technologies, the demand for cybersecurity professionals is increasing. Organizations are encouraged to adopt modern defenses, including AI-driven solutions and zero-trust architectures. Reports indicate that many healthcare organizations are unprepared to respond effectively to these threats.

For organizations looking to bolster their cybersecurity posture, considering managed security service providers can be a strategic move. More information can be found in the latest report by LevelBlue.

Explore how Gopher Security can assist you in enhancing your cybersecurity measures to protect against evolving threats.

Edward Zhou

CEO & Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
