Louisiana Governor John Bel Edwards activated the State’s cybersecurity team recently after several State offices’ computers started acting strangely. The IT team identified an intrusion of Ryuk ransomware and which programs were affected, and shut down computers to avoid spread of the infection.
During the outage, some state offices had no access to email, internet or other applications, and were unable to assist residents. To prevent the infection from spreading, all outgoing network traffic was terminated while investigating the cause. State departments were unable to provide services or information to the public while responding to the attack. This included 79 offices of the Office of Motor Vehicles that were completely shut down, preventing people from obtaining or renewing drivers’ licenses or vehicle registrations. The Secretary of State’s website and app also were down, and the Department of Health had no internet or email access. Those applying for coverage under Medicaid were unable to apply during the outage. The Louisiana Public Service Commission was unable to upload any reports, inspections or applications to its online database, and Department of Revenue computers were silent. The attack also prevented people from applying for food stamps.
All in all, it took the State about one week to recover from the attack and to get all the agencies back online. According to Louisiana officials, it was the most significant cyber event that Louisiana has faced, affecting some 500 of the state’s 5,000 servers and more than 1,500 of its 30,000 computers. It appears the attack was the result of malicious phishing, as the intruder was able to access the state’s system using a valid user name and password prior to downloading the Ryuk ransomware. Louisiana officials are reporting that no data was stolen during the attack, and that they will work with citizens and grant leniency as applicable, such as when someone is fined for not being able to renew their driver’s license during the outage.