The state government of Louisiana was hit by a large-scale coordinated ransomware attack yesterday, which forced the state to take several state agency servers offline, including government websites, email systems, and other internal applications, to mitigate the risk of the malware’s infection from spreading.
The Monday’s ransomware attack resulted in the subsequent shutdown of a majority of large state agencies, including the Office of the Governor, the Office of Motor Vehicles, the Department of Health, the Department of Children and Family Services, and the Department of Transportation and Development, among others.
Louisiana Gov. John Bel Edwards revealed the incident in a series of tweets, saying that he had activated the state’s cybersecurity team in response to the cyber attack and that the shutdown of services was due to the state’s response and not due to the attack.
“Today, we activated the state’s cybersecurity team in response to an attempted ransomware attack that is affecting some state servers. The Office of Technology Services identified a cybersecurity threat that affected some, but not all state servers,” Governor Edwards said.
“The service interruption was due to OTS’ aggressive response to prevent additional infection of state servers and not due to the attempted ransomware attack. Online services started to come back online this afternoon, though full restoration may take several days.”
Ransomware attacks involve cybercriminals encrypting files and locking them up so users can’t access them without paying a ransom amount, which they demand typically in Bitcoin to give the user access to those files again.
Edwards noted that the Louisiana State Police and several federal agencies are already investigating the cyberattack that impacted nearly every major state agency.
This is the second major ransomware attack that Louisiana suffered this year. In July 2019, Louisiana declared a state of emergency following a coordinated ransomware outbreak that disrupted nearly half a dozen school districts.
Governor Edwards also confirmed that Monday’s cyber attack is similar to the July’s ransomware attack.
“OTS has confirmed that this attempted ransomware attack is similar to the ransomware targeted at local school districts and government entities across the country this summer,” Governor Edwards said.
At this time, it’s unclear what family of ransomware malware was used in the latest attack, how the ransomware got into the state’s systems, and how much amount the attackers have demanded as a ransom.
However, the governor has assured that there is “no anticipated data loss” and that “the state did not pay a ransom.”