Ransomware Attack Hits Louisiana State Servers

Louisiana Governor John Bel Edwards on Monday revealed that a ransomware attack hit state servers, prompting a response from the state’s cyber-security team.

The incident appears to have affected only some of the state’s servers, but the Office of Technology Services (OTS) decided to take all of the servers offline in an effort to ensure that the infection was contained.

“Today, we activated the state’s cybersecurity team in response to an attempted ransomware attack that is affecting some state servers. The Office of Technology Services identified a cybersecurity threat that affected some, but not all state servers,” Gov. Edwards announced on Twitter.

The ransomware attack, he revealed, impacted many state agencies’ email, websites and other online applications.

According to local news reports, the Office of Motor Vehicles (OMV) and the Louisiana Department of Health (LDH) were among the affected services.

“The service interruption was due to OTS’ aggressive response to prevent additional infection of state servers and not due to the attempted ransomware attack,” Gov. Edwards said.

While the affected services started to come back online on Monday afternoon, it might still take several days before they are fully restored.

The state did not pay a ransom in this attack and no data loss should have resulted from the incident. Federal agencies are investigating the incident, Gov. Edwards said.

According to OTS, the attempted assault is similar to the ransomware attacks that targeted local school districts and government entities over the summer.

In July, Louisiana declared an emergency in response to a malware attack targeting three school systems in Sabine and Morehouse parishes and the City of Monroe.

Days later, a fourth Louisiana school district, Tangipahoa Parish, was hit by a cyberattack. The incident resulted in phone lines and email at schools and some offices being shut down.

The malware used in this week’s attack was the Ryuk ransomware, typically distributed via phishing emails, said Seth Blank, director of Industry Initiatives at Valimail and co-chairman of the Election Security Special Interest Group (ES-SIG) of the email industry group M3AAWG.

“It’s not a coincidence that Louisiana’s systems were attacked during an election. While it’s fortunate the incident does not appear to have disrupted election activity, we can expect to see similar attacks as the 2020 election draws near, and other states may not be so lucky. Given how many cities have been taken offline due to ransomware, there’s a very real threat to election integrity for municipalities that implement computer-based voting, electronic pollbooks, digital vote tabulation, or digital transmission of voting results — which is to say, virtually all of them,” Blank told SecurityWeek.

“To stop these crippling cyberattacks, state and local governments need to implement proper best practices, starting by locking down the primary vector for such attacks by preventing the phish from getting to inboxes in the first place — which can be done by validating sender identity. Implementing DMARC is the critical first step,” Blank added.

“State and local governments across the United States have been experiencing an outbreak of ransomware attacks in 2019,” Kimberly Goody, manager of FireEye’s Cybercrime Analysis unit, said in an emailed comment to SecurityWeek. “Initial analysis suggests that publicly reported incidents have nearly doubled in comparison to 2018. Typically, these attacks have involved the distribution of ransomware post compromise en masse through a victim environment. This methodology allows threat actors to maximize their disruption of the victim organization effectively increasing the likelihood that the victim will acquiesce to ransom demands.”

Related: Louisiana Schools Suffer Cyberattacks Ahead of Year’s Start

Related: Louisiana School Systems Cyber Attacked; Emergency Declared

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
