New Orleans Ransomware Attack: Recovery Update
New Orleans is striving to recover from a ransomware attack that started December 13. Out of an abundance of caution, the city has powered down all servers and websites, according to the New Orleans Facebook Page.
New Orleans ransomware attack details, as of December 14, include:
1. Attack Discovery: The city at 11:00 a.m. on Friday, December 13, detected suspicious activity on its networks that indicated a potential cyberattack.
2. Proactive or Reactive?: The city did not disclose whether the “detection” involved proactive security monitoring, or reactive response to PC and server encryptions.
3. Managed Security Services Providers: The city did not disclose whether it’s leveraging MSSP-type partner services.
4. Backups and Disaster Recovery: The city did not disclose whether it has proper business continuity systems in place to safeguard and recover its data.
5. Alerting Employees: Out of an abundance of caution, the city says, “all employees were immediately alerted to power down computers, unplug devices & disconnect from WiFi. All servers have been powered down as well.”
6. Emergency Services Not Impacted:
- Orleans Parish Communication District-OPCD 9-1-1 & 3-1-1 services are up and running.
- New Orleans Police Department, New Orleans Emergency Medical Services & New Orleans Fire Department are fully able to respond to emergencies as normal.
7. Coordinated Investigation: The City of New Orleans activated its Emergency Operations Center & is working with cybersecurity resources from the Louisiana State Police, FBI New Orleans, Louisiana National Guard & the Secret Service, the city said.
8. Ransomware Payment?: The city did not disclose whether it would need to pay ransom.
Louisiana Ransomware Attacks
The New Orleans ransomware attack comes only a few weeks after the State of Louisiana suffered a ransomware attack in November. As of early December, 75 percent of the state’s motor vehicle offices were still closed.
A similar attack hit the state’s school system in early 2019.
Amid the ongoing attacks, the U.S. Conference of Mayors in July 2019 unanimously resolved to no longer accede to any ransom demands from hackers.