20 December 2019

Ransomware Forces New Orleans To Declare State Of Emergency

Tom Jowitt

Another ransomware victim. Staff told to switch off computers as government of New Orleans declares state of emergency

The City of New Orleans on Friday declared a state of emergency after all governmental computers were forced to shut down.

The southern city was hit by a ransomware attack after phishing attempts and suspicious activity was first detected at 5am on Friday morning, CNN reported.

The attack reportedly intensified as city staff logged on for work at 8am, and the city declared a cyber security incident at 11am and asked all city staff to shut down computers.
Ransomware attack

Later in the day, the New Orleans Mayor LaToya Cantrell officially declared a state of emergency, a copy of which can be found here on Twitter.

The move does give the US city access to some much needed assistance from public bodies in the state.


“Out of an abundance of caution, all employees were immediately alerted to power down computers, unplug devices & disconnect from WiFi,” the city said. “All servers have been powered down as well. [NOLA government] websites will be down.”

While ransomware was detected, no ransom has been demanded in the cyberattack, Major Cantrell reportedly said.

The incident is being investigated by the city with assistance from the Louisiana State Police, Louisiana National Guard, the FBI and Secret Service.

The city’s 911 system was not apparently affected by the attack, the city said.

New Orleans is located in the US state of Louisiana.

In July Louisiana Governor John Bel Edwards declared a state of emergency after school systems in Sabine, Morehouse, and Ouachita parishes in North Louisiana were hit by ransomware attacks.

That July declaration was the first activation of Louisiana’s emergency support function relating to cybersecurity, which is newly created in Louisiana, in anticipation of the threat of cyber attacks.

Two years ago it created the Louisiana Cybersecurity Commission to access cyber threats, a move that stands in marked contrast to a lack of action from other US cities and towns.

Ransomware of course is a scourge of computer systems at the moment, and has impacted businesses and cities such as the City of Baltimore earlier this year.
IT failure

A security expert from Cybereason noted that the problem often for city IT departments is the way they have grown their computing infrastructure over the decades, often with no official rationale.

“Most cities and states are ancient organisations by comparison to most corporations, with ages measured in decades or centuries,” said Sam Curry, chief security officer at Cybereason. “The governance changes frequently, and IT has grown irregularly and often without formal rationale, especially in the smallest towns.”

“As a result, ransomware has hit many with no contingencies for a cyber crisis, no departments with bench strength and no know-how within the organisational structure,” said Curry. “It’s a perfect storm, and cities are advised to treat cyber like they would highways, zoning and education: systematically and as a core function.”

“Cyber attacks against the city of New Orleans and Pensacola, FL will likely kick off a string of copycat attacks and local municipalities and state governments should prepare for the genuine article and be ready,” he warned. “I urge city leaders not to put their heads in the sand because hoping for the best is not a strategy.”

“Before local and state municipal governments can start turning the tables on cyber adversaries, it is going to take political will, help from each other and the community,” he added. “The citizenry should demand existing leaders and new candidates for office have a cyber plan for the future.”

“In the event of a cyber attack that results in a short or long term loss of services to citizens, city officials should have both short term and long term goals. They need to first identify life or death systems and services like water distribution and healthcare and work to immediately to restore critical infrastructure,” said Curry.

“After the event, staff up and consider creating stronger organisations, agencies or departments,” said Curry. “Don’t be shy about asking for help at any point; if this was a hurricane or earthquake no one would blink an eye at asking for help. Practice and plan, early and often. Plan disaster recovery, crisis modes and actually drill so that paper and pen eventualities don’t cripple anything. Use peacetime to prepare as you would for natural disasters or any other crisis.”
Do not pay

Ransomware attacks of course always trigger a debate about whether to pay or not. The best advice is to never pay, but some officials do not follow that.

A Florida city in the US called Lake City earlier this year for example opted to pay hackers after a ransomware attack.

The Lake City decision to pay the hackers $500,000 (£394,000) was aided by the fact that insurance would cover most of the ransom.

That came after the council of another city in Florida (Riviera Beach City) voted unanimously to pay hackers $600,000 who took over their computer systems via a ransomware attack earlier this year.

No comments: