On December 13, New Orleans suffered a cyberattack and as a result, Mayor LaToya Cantrell has declared a state of emergency. Suspicious activity was reported around 5 a.m. The activity escalated by 8 a.m. to include phishing attempts and ransomware. By 11 a.m. the city confirmed it was under a ransomware attack, at which time precautions were taken. The city’s emergency preparedness campaign, NOLA Ready tweeted, “suspicious activity was detected on the City’s network…activity indicating a cybersecurity incident was detected around 11a.m.” New Orleans’ IT department requested that all employees turn off computers and disconnect from Wi-Fi and to unplug any devices. Additionally, all city servers were powered down. Mayor Cantrell confirmed that the incident was a ransomware attack. The declared state of emergency was filed in court.
NOLA Ready indicated that emergency communications were not affected. The Real-Time Crime Center was powered down, but cameras would still record and footage would be available. Additionally, 911 was in service and the police and fire departments were able to operate as normal; they are “prepared to work outside of the city’s internet network.” Other departments are back to pen and paper for the moment.
“If there is a positive about being a city that has been touched by disasters and essentially been brought down to zero in the past, is that our plans and activity from a public safety perspective reflect the fact that we can operate with internet, without city networking,” Collin Arnold, Director of Homeland Security, said.
It is unclear what ransomware caused the attack. No ransom demand has been made at the time of publication. In October, the FBI issued a warning on high-impact cyberattacks on state and local municipal governments. The FBI warned that health care organizations, industrial companies, and transportation were also likely targets. Little information is known about this attack.
This cyberattack is the latest to hit state and local governments. In November, there was a cyberattack in Louisiana and in July school district computers were disconnected from online and another state of emergency was declared. It is not clear if any of the Louisiana attacks are connected. In Texas in August, 23 government organizations were taken offline as a result of a state-wide cyberattack. Pensacola also experienced a cyberattack the week before New Orleans.
It is evident that governments are susceptible to these kinds of attacks. “[S]tate and local government is woefully vulnerable to phishing-led hacking, primarily because CISOs focus on technological defenses when they should also be patching their colleagues with regular simulated ransomware attacks and security awareness training,” Colin Bastable, CEO of Lucy Security, a security awareness training company, said. “The problem with ransomware attacks is that they are not always immediately apparent[.] [T]he attack can be undetected for a relatively long time before being triggered.” Further, this attack could have been “initiated in parallel with the recent Louisiana attack.”
TechCrunch reported that “[g]overnments and local authorities are particularly vulnerable as they’re often underfunded and un[der]resourced, and unable to protect their systems from some of the major threats.” This makes it difficult for them to prevent these types of attacks.
The cyberattack is under investigation by federal, state and local agencies. It appears that no one interacted with or provided credentials or other information to the attacker.