BR.wildcomputerglitch.111919. 0036 bf.jpg

Watching the empty cubicles in the background which are normally busy, people wait at the OMV hoping the computers come back online Monday Nov. 18, 2019, in Baton Rouge, La.

The Office of Motor Vehicles will remain closed, perhaps through much of Thursday, but state employees will get paid on time Friday as state technical workers continue to repair the computer system after a ransomware attack early Monday morning.

OMV officials say they’re working – “all hands on deck” – and making progress, but technicians and staffers aren’t ready yet to reopen and have not estimated time, at present. "It is our hope and expectation that the Office of Motor Vehicles will be open and going tomorrow (Thursday)," Gov. John Bel Edwards said Wednesday afternoon on his monthly call-in radio show.

But Karen St. Germain, the commissioner in charge of the Office of Motor Vehicles, said later Wednesday evening that she was hoping to open by noon the Baton Rouge office, which is about 100 yards from the OMV headquarters building. They're testing the connections and applications with the other 79 state-run motor vehicle offices and the 160 privately owned tag shops around the state.

But St. Germain won't make any guarantees at this point. "Each computer has to be tested," St. Germain said. Technicians are pulling down data and making sure the information is up to date.

The computers necessary to issue drivers’ licenses, vehicle registrations and other services have been down since Monday because of a ransomware attack on the entire state computer system. OMV's website is back up but it’s not accepting any transactions.

The Office of Technology Services has been bringing computer systems back on agency by agency, largely based on how important the systems are. Law enforcement, hospital and homeland security systems were first. The system that cuts paychecks has been restored so state employees will be paid Friday, said Jacques Berry, spokesman for the Division of Administration. Some private vendors, who sell services and equipment to state government, may have to wait another few days before they get paid.

Office of Technology Services personnel noticed the computer systems were operating irregularly Monday morning. They checked the code and found a Ryuk virus, which encrypts and denies access to files unless a ransom payment is made using untraceable Bitcoins. The virus, which most often becomes embedded when someone imprudently opens a suspicious email or attachment, has been used frequently to extort money from governmental agencies around the country.

It was found and fixed, over the summer, in several computer systems of seven school boards in Louisiana parishes.

The state’s technicians didn’t even open the ransom note. Instead, the IT team immediately started shutting down state computers to avoid infecting other systems. After the ransom code was removed, state experts need to go through the code to ensure noting has been added, then the computers can be used again.

Gov. Edwards told radio listeners that the prompt shut down of the computer systems turned what could have been 30-to-40 day event into a three-to-four day event.

The state has about 5,000 servers over which tens of thousands of computer applications are processed, spokesman Berry said Wednesday. Technicians found 132 servers had been infected, but all 5,000 have to be checked and rebooted. The applications have to be tested. "It's not as simple as flipping a switch," Berry said.

“The Governor's decision to proactively shut down computers to avoid collateral damage suggests just how consequential these attacks can be to governments and the citizens they serve,” Dave Weinstein, chief security officer of Claroty Ltd., a computer security firm based in New York, and former chief technical officer for the state of New Jersey. “It remains critical to patch IT infrastructure and continuously backup data and store it offline to avoid the hard decision about paying the ransom.”

Seven agencies were initially impacted in some capacity: the Department of Public Safety, Office of Juvenile Justice, Department of Health, Department of Education, Department of Environmental Quality, Department of Revenue and the Division of Administration, according to Christina Stephens, the governor’s spokeswoman. She added that most of the agencies impacted are functioning in some capacity.

But the impact is most noticeable at public-facing agencies, such as the Office of Motor Vehicles and the Department of Children and Family Services, which handles child support and food stamps. Much of the DCFS interface with the public is through its CAFE customer portal. On Wednesday night, the portal was working intermittently, agency officials report. But people with food stamps are able to use their SNAP Electronic Benefits Transfer (EBT) cards for purchases.

The attack caused the Louisiana Department of Revenue to extend the filing dates for state taxes due Wednesday, now making the due date to Monday, Nov. 25. The tax extensions cover payments of taxes, such as, for sales and use, hotel occupancy, beer, tobacco, fuel transporter, transportation and communication.

The attack did not compromise any state tax returns or taxpayer information, the Revenue department says.

Email Mark Ballard at mballard@theadvocate.com.