CyberWarfare / ExoWarfare

Ransomware Attack Hits Louisiana State Servers

One click on a phishing email can be enough to stop the government

Louisiana Governor John Bel Edwards on Monday revealed that a ransomware attack hit state servers, prompting a response from the state’s cyber-security team.

The incident appears to have affected only some of the state’s servers, but the Office of Technology Services (OTS) decided to take offline all of the servers in an effort to ensure that the infection is contained.

“Today, we activated the state’s cybersecurity team in response to an attempted ransomware attack that is affecting some state servers. The Office of Technology Services identified a cybersecurity threat that affected some, but not all state servers,” Gov. Edwards announced on Twitter.

The ransomware attack, he revealed, impacted many state agencies’ email, websites and other online applications.

According to local news reports, the Office of Motor Vehicles (OMV) and the Louisiana Department of Health (LDH) were among the affected services.

“The service interruption was due to OTS’ aggressive response to prevent additional infection of state servers and not due to the attempted ransomware attack,” Gov. Edwards said.

While the affected services started to come back online on Monday afternoon, it might still take several days before they are fully restored.

The state did not pay a ransom in this attack and no data loss should have resulted from the incident. Federal agencies are investigating the incident, Gov. Edwards said.

According to OTS, the attempted assault is similar to the ransomware attacks that targeted local school districts and government entities over the summer.

In July, Louisiana declared an emergency in response to a malware attack targeting three school systems in Sabine and Morehouse parishes and the City of Monroe.

Days later, a fourth Louisiana school district was hit by a cyberattack, namely Tangipahoa Parish. The incident resulted in phone lines and email at schools and some offices being shut down.

The malware used in this week’s attack was the Ryuk ransomware, typically distributed via phishing emails, said Seth Blank, director of Industry Initiatives at Valimail and co-chairman of the Election Security Special Interest Group (ES-SIG) of the email industry group M3AAWG.

It’s not a coincidence that Louisiana’s systems were attacked during an election. While it’s fortunate the incident does not appear to have disrupted election activity, we can expect to see similar attacks as the 2020 election draws near, and other states may not be so lucky. Given how many cities have been taken offline due to ransomware, there’s a very real threat to election integrity for municipalities that implement computer-based voting, electronic pollbooks, digital vote tabulation, or digital transmission of voting results — which is to say, virtually all of them,” Blank told SecurityWeek.

“To stop these crippling cyberattacks, state and local governments need to implement proper best practices, starting by locking down the primary vector for such attacks by preventing the phish from getting to inboxes in the first place — which can be done by validating sender identity. Implementing DMARC is the critical first step,” Blank added.

“State and local governments across the United States have been experiencing an outbreak of ransomware attacks in 2019,” Kimberly Goody, manager of FireEye’s Cybercrime Analysis unit, said in an emailed comment to SecurityWeek. “Initial analysis suggests that publicly reported incidents have nearly doubled in comparison to 2018. Typically, these attacks have involved the distribution of ransomware post compromise en masse through a victim environment. This methodology allows threat actors to maximize their disruption of the victim organization effectively increasing the likelihood that the victim will acquiesce to ransom demands.”