The City of New Orleans ransomware attack has caused at least $7 million in financial damage to date, Mayor Latoya Cantrell told WVUE. In addition, Cantrell said she expects the ransomware attack's financial impact to continue to grow — despite the fact that the city has recovered $3 million via a cyber insurance policy that was purchased before the incident.
Meanwhile, the City of New Orleans still faces an IT backlog after the ransomware attack, Chief Administrative Officer Gilbert Montano told WVUE. Montano also indicated that it could take several months before the city rebuilds its network.
A Closer Look at the New Orleans Ransomware Attack
The City of New Orleans ransomware attack took place December 13. Cybercriminals shut down City of New Orleans government systems, and more than 4,000 New Orleans government computers were affected by the cyberattack.
New Orleans officials have taken steps to improve the city's security posture after the ransomware attack. The City of New Orleans plans to increase its cyber insurance coverage to $10 million this year, and a forensic investigation into the ransomware attack is ongoing.
How Can Organizations Address Ransomware Attacks?
Ransomware attacks affect municipalities, schools and businesses of all sizes. However, there are many things that any organization can do to combat ransomware attacks, such as:
- Perform regular IT security audits and penetration testing.
- Deploy endpoint protection solutions across IT environments.
- Develop and implement a cybersecurity training program to teach employees about ransomware and other cyber threats.
MSSP Alert Recommendations
The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:
- Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
- Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
- Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
- Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
- Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 in January.)