Louisiana's state government came under a ransomware attack Monday that caused internet and website problems at a host of agencies, disrupting motor vehicles offices and other public-facing departments statewide.
Gov. John Bel Edwards said he activated the state's cybersecurity team in response to an "attempted ransomware attack" that affected some state servers.
The Office of Technology Services, which operates the computer systems for much of Louisiana's state government, identified the threat, which was impacting some, but not all state servers, on Monday, Edwards said in a statement put out on social media.
"OTS immediately initiated its security protocols and, out of an abundance of caution, took state servers down, which impacted many state agencies’ e-mail, websites and other online applications," Edwards said. "There is no anticipated data loss and the state did not pay a ransom.”
The Louisiana State Police and several federal agencies are investigating the attempted ransomware attack, Edwards said.
Ransomware, often spread through phishing emails, denies access to computer systems or data until the user pays a ransom, according to the Louisiana Cyber Security Commission. If the demands are not met, the person conducting the ransomware attack could keep the data unavailable or delete it.
The service interruptions at public agencies was due to what the Division of Administration called its "aggressive response" to the ransomware attack. The Office of Technology Services, OTS, shut down computer systems to avoid infecting state internet servers.
The IT team noticed the irregular pattern, saw that it was the Ryuk virus, which encrypts files, and didn’t read the ransom note, said Jacques Berry, spokesman for the Division of Administration. Instead, the team found where virus was attached to the programs and shutdown computers to avoid infecting other systems, Berry said.
Earlier this year, two Florida cities – Lake City and Riviera Beach – paid hackers a total of $1.1 million in separate attacks, according to news reports. Alabama-based DCH Health System hospitals in Tuscaloosa, Fayette and Northport were attacked by Ryuk and reportedly paid the hackers to regain access to their databases.
Louisiana's IT team is working through the night to get the state computer systems back up as soon as possible, Berry said. The administration said online services and email started to come back online Monday afternoon, but it could take "several days" to get everything working again.
"Our experts train and prepare for these types of incidents and have been successful in mitigating similar issues in the past, including this summer when our teams successfully brought services back online following the cyber attack on local schools," Commissioner of Administration Jay Dardenne said in a statement. "We have confidence in our cyber safeguards, capabilities and personnel and we are working to bring as many online services back online as quickly as we can.”
Berry said the problems agencies were experiencing varied depending on how much they rely on the Office of Technology Services. Some offices had no access to email, internet or applications. The Division of Administration shut down “all outgoing network traffic” to investigate the cause without making the problem worse, Berry said.
Keith Neal, director of project management for the Office of Motor Vehicles, said he called the state's IT department when the OMV computers started acting screwy Monday morning. After about 15 or 20 minutes, the system stopped working altogether. He said the attackers locked the data and access to the computers early Monday morning, and the state's computers were down all day Monday.
Neal said computers at 79 motor vehicle offices statewide went offline.
"We are virtually shut down," he said. OMV staff was trying to process documents but couldn't issue driver's licenses.
Louisiana Secretary of State spokesman Tyler Brey said that office’s website and app were down. Louisiana Department of Health spokesman Bob Johannessen said that agency did not have internet or email access. Nobody could apply for coverage under Medicaid expansion.
The Department of Revenue's computers are locked as are those at the Louisiana Public Service Commission. The PSC accepted and stamped utility regulatory filings but couldn't add the reports, inspections and applications to its online database. The State Police maintained its physical presence on the highways.
But, it's the agencies that deal directly with the public that were affected the most.
People seeking food stamps couldn't apply. But most of the 375,000 recipients of SNAP benefits could still use their card to purchase food, said Catherine Heitman, spokeswoman for the Department of Children and Family Services. The department loads the EBT cards, electronically, during the first two weeks of the month, so for the most part, food stamps are available. Additionally, reports of child abuse have to be phoned in to 1-855-452-5437, rather than submitted on line which is the usual procedure, she said.
This attempted ransomware attack is similar to the ransomware targeted at local school districts and government entities across the country this summer, Edwards said.
School systems in Sabine, Morehouse, and Ouachita parishes were attacked by malware in July. In response, Edwards activated the state's first cybersecurity emergency, which allowed access to more resources. The declaration enables local governments to utilize cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services and others to resolve cyberattacks.
CNN reported 22 governmental entities around the nation were attacked over the summer.
What loss of state computers meant for regular people
• Issue drivers’ licenses
• Renew vehicle registrations
• Apply for food stamps
• Report child abuse
• Get a hunting license
• Check election results