Cyberattack Hit 10% of Louisiana’s State Government Servers

One in ten of Louisiana’s 5,000 computer network servers that power operations across state government were damaged by this week’s cyberattack, a key technology official told lawmakers Friday.

Neal Underwood, Louisiana’s deputy chief information officer, said the ransomware attack wasn’t catastrophic to state government. No data was lost, and no ransom was paid. But Underwood said the effect for some agencies was significant, particularly at the Office of Motor Vehicles, which shuttered its branch locations all week to repair its computer network.

“I can assure you that none of the actual data in our enterprise was inappropriately accessed,” Underwood told the joint House and Senate budget committee.

Technology staff has been working around the clock since the attack to get online systems and services back up and running. Underwood expects all state agencies to resume normal operations by Monday. In some instances, he said computer systems have to be rebuilt from the state’s backup and recovery systems.

In addition to the 10% of network servers disrupted by the early Monday morning attack, Underwood said more than 1,500 of the state’s 30,000 computers were damaged.

An investigation into the source of the cyberattack is ongoing.

“Who are the bad guys? Where are they from?” asked Sen. Francis Thompson, a Democrat from Delhi.

Underwood said the ransomware likely came from outside the United States.

“This was a sophisticated and coordinated attack,” he said. “This was not some malcontent teenager in their parents’ basement.”

The attackers had access to Louisiana’s government computer servers for “a matter of hours” before they were discovered, Underwood said. The Office of Technology Services immediately shut down external access to network servers when the breach was discovered. That caused a wider disruption of state government websites and email than the actual ransomware attack, Underwood said.

Gov. John Bel Edwards planned to issue an emergency declaration Friday to ensure that people and businesses don’t face fines or penalties because of the cyberattack. For example, a driver won’t face a ticket if a driver’s license expired this week because the motor vehicle office locations weren’t open to renew that license.

The ransomware attack happened just two days after statewide elections for governor, legislative seats and other positions around Louisiana. Sen. Mack “Bodi” White, a Republican from Central, questioned whether that could cause problems for certification of election results or changed numbers in election returns.

“It happened at a very inconvenient time,” he said. “A lot of the conspiracy theorists are calling me.”

As White asked questions, Rep. Cameron Henry, the Jefferson Parish Republican who chairs the budget committee, received a text from Secretary of State Kyle Ardoin. Ardoin said the cyberattack caused “no impact whatsoever” to the election returns and results will be certified Tuesday as scheduled, Henry said.

Sen. Sharon Hewitt, a Slidell Republican, praised the quick reaction from Louisiana’s technology services office.

“I do believe it could have been much worse,” she said.