BR.wildmotorvehicleoffice.112619. 0044 bf.jpg

The Office of Motor Vehicles location in Independence Park is busy during reopening after being shut down by ransomware last week Monday Nov. 25, 2019, in Baton Rouge, La.

More than two dozen of Louisiana’s motor vehicle offices remained closed Monday as state workers continued to respond to the lingering effects of a cyber attack that hit state servers two weeks ago.

Karen St. Germain, Commissioner of Louisiana’s Office of Motor Vehicles, said workers were slated to open half a dozen locations Monday for soft openings and were opening offices "as fast as we possibly can." She said staffers worked through the weekend to restore services at the OMV offices, which run on a decades-old computer system that has complicated the process. 

Many of the offices were still unable to process services like license reinstatements, while services were steadily added at locations across the state throughout the day. As of Monday evening, 54 locations were listed as open and 25 were still closed. 

The agency last week opened several of the offices in bigger metro areas like Baton Rouge, Lafayette and New Orleans. 

The closures at motor vehicle offices indicate the cyber attack that officials called largely unsuccessful was still hampering state services two weeks after the fact. OMV's servers were among the systems hit with the ransomware attack, while a host of other agencies saw temporary disruptions after officials shut down computer systems after the attack. 

While people are unable to reinstate their driver’s licenses at many locations, Louisiana State Police said its officers would continue to use discretion for people driving with recently-expired licenses until OMV offices reopen.

Two weeks ago, a ransomware attack – triggered by what officials suspect was an employee opening a sketchy link – hit several state servers including at the Office of Motor Vehicles. The state quickly shut down network traffic to prevent the spread, and have subsequently brought most of the state’s offices back online. Gov. John Bel Edwards said the state did not pay a ransom or lose data, and he said the effects could have lasted weeks or months under a worst-case scenario. Ransomware attacks typically lock users out of their computers until they pay a ransom, and the attackers threaten to delete the data if they aren’t paid.

Edwards activated the state’s cybersecurity response team after the attack. He also declared a state of emergency, allowing OMV and other agencies to forgive fines and fees for people unable to take care of business because the computers were down.

The computers at OMV offices have to be “reimaged,” meaning software had to be wiped and reinstalled. The computer system is about 40 years old and not accepting the reimage, St. Germain said, adding to the problems.

Nick Manale, a public affairs lieutenant with Louisiana State Police, said the public can check to see if their city’s location is open at https://offices.omv.la.gov/

Officials declined to offer a timeline for when OMV offices might be all open and fully functional.

“It’s just a fluid situation,” Manale said. “They’re literally having to go to each computer at each office and reimage it and get it back online.”

The OMV also has 160 privately-owned tag shops around the state, which were back up and running Monday. 

State workers found the virus in the early morning of Nov. 18, and shut down the state’s servers. Last week, doors opened at some OMV offices in larger areas of the state, including Baton Rouge and New Orleans, to long lines from customers who had waited a week to get a license or registration.

Louisiana Secretary of State Kyle Ardoin said the state’s election system was not affected by the attack.

Edwards said in a press conference on Nov. 21 that the ransomware attack was “largely unsuccessful” because the state didn’t pay a ransom or lose data. He also said the effects could have lasted months if the attackers were successful in taking over large numbers of servers.

In May, it took the city of Baltimore more than a month to restore its computer system after a similar attack. Atlanta spent nearly $3 million recovering services after databases were destroyed last year. Experts said the attack on Louisiana was likely conducted by professional criminals who target poorly-funded government agencies. 

The attackers infiltrated 10% of the state’s 5,000 servers, officials have said, and about 1,500 of 30,000 computers were damaged.

“It is the new normal, to be honest with you,” Edwards said. “And it’s not going to go away.”

Email Sam Karlin at skarlin@theadvocate.com