Map of 245 ransomware attacks across 33+ states, to be updated as attacks continue.
Last Friday, Louisiana again announced another “cybersecurity incident,” later confirmed to be ransomware, this time striking the city of New Orleans. The city’s mayor announced a state of emergency, cautioning the cyber attack could result in harm to city property. City employees were ‘immediately alerted to power off computers, unplug devices, and disconnect from WiFi.’
The state of emergency was filed with the Civil District Court. New Orleans’ has an emergency preparedness campaign – NOLA Ready, who confirmed city computers had been shut down and the public was assured that no information was compromised.
NOLA Ready said: “Out of an abundance of caution, all employees were immediately alerted to power down computers, unplug devices & disconnect from WiFi. All servers have been powered down as well.” They also confirmed emergency services remained available and active even with servers offline, including 911, police, fire and medical services. New Orleans has notified and requested help from Louisiana’s State Police as well as the FBI, National Guard and US Secret Service.
Ransomware Repeat, Here We Go Again
It’s only been a few weeks since Louisiana’s Governor John Bel Edwards announced on November 18 another state of emergency for the same reason – hackers targeting many state agencies. Some of the state’s servers were affected and once again, officials of the Office of Technology Services (OTS) as a precaution took all servers offline.
Gov. Edwards said, “The service interruption was due to OTS’ aggressive response to prevent additional infection of state servers and not due to the attempted ransomware attack.”
Still, they revealed state email, websites and online applications were impacted. Some of the services affected included the Office of Motor Vehicles (OMV) and the Louisiana Dept of Health (LDH). Some services were back online the following Monday but others were expected to take longer to be fully up and running.
The attack was similar to other attacks on schools and city governments happening recently across the country. (See our blog Ransomware Attacks Rising Against Many Cities, Striking Local Governments & School Campuses, https://virsec.com/ransomware-attacks-rising-against-many-cities-striking-local-governments-school-campuses/ .) And in fact, in July, Louisiana declared its first cyber state of emergency after a malware attack targeted three school systems in their own Sabine and Morehouse parishes in Monroe, Louisiana. A few days later, a fourth school in Tangipahoa Parish was struck by ransomware again. Phone lines and email were affected and some offices closed.
In the three attacks in July, November and December, it’s important to note that the ransom demanded was not paid. The Governor also assured that no data was lost in any of the incidents.
In at least November’s ransomware attack, the malware used was Ryuk ransomware, often spread through phishing attacks via email.
Ransomware Struck During Louisiana Election
Observers noted that the cyberattack in November being targeted during an election was no coincidence. Fortunately voting activity was not impacted but this concern looms large over 2020 elections.
Every city relying on electronic voting systems, such as digital vote tabulation, pollbooks, digital transmitting of voting results, is at risk and subject to cyberattack. The clear message is States are well advised to take preventative action immediately.
US States Continuously Hit Across the Country by Ransomware in 2019
So far this year, the States listed below at least, if not more, have experienced ransomware attacks – representing more than half the country.
Alabama, Arizona, Arkansas, California, Colorado, Delaware, Georgia, Idaho, Illinois, Indiana, Iowa, Kansas, Louisiana, Maine, Michigan, Montana, Minnesota, Missouri, New Jersey, New York, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Vermont, Washington, West Virginia, Wisconsin.
Cyber attack incidents have nearly doubled compared to last year. This increasing trend shows the strong and relentless effort of attackers to bring down city governments and schools using malware and ransomware. Their motive is for the gratification of causing disruption and their own enrichment. In most cases, the cities have not paid ransomware but on occasion some have to get their data back.
Sometimes hackers are not particularly imaginative – they keep using what works, such as simple phishing attacks disguised to look legitimate. And employees at every levels, including executives, continue to fall for the trick. And where attackers are creative, organizations and security companies must be even more imaginative. Companies must double down with equal or greater effort to defend against these attacks.
Use the comments below to tell us your experience.