Source: New Orleans Declares State Of Emergency Following Cyber Attack | Forbes | David Winder
State of emergency declared by City of New Orleans
During a press conference, Mayor Cantrell confirmed that this was a ransomware attack. A declaration of a state of emergency was filed with the Civil District Court in connection with the incident.
NOLA Ready said that emergency communications had not been affected. Although the « Real-Time Crime Center » had been powered down, public safety cameras were still recording, and incident footage would be available if needed. The police and fire departments continued to operate as usual, and the ability to respond to 911 calls was not impacted.
Information is still scarce, while both the investigation, involving both State and Federal agencies, and the recovery process continue. It’s not known what ransomware malware was used during the attack, and Mayor Cantrell has said that no ransom demand has been made at this point in time.
On October 2, the FBI issued a high-impact cyber-attack warning in response to attacks on state and local government targets. This warned that health care organizations, industrial companies, and the transportation sector were also being targeted. Meanwhile, the attacks against government targets continue.
Ransomware attacks against government targets
The ransomware attack that has hit New Orleans follows another that targeted the state of Louisiana in November. Louisiana school district computers were also taken offline, and a state of emergency declared, in response to a ransomware attack in July. It isn’t yet known if the two were connected. However, in August, 23 government agencies were taken offline by a cyber-attack on the State of Texas. Which suggests that U.S. municipalities are firmly in the crosshairs of ransomware threat actors.
Colin Bastable, CEO of security awareness training company Lucy Security, said that « state and local government is woefully vulnerable to phishing-led hacking, primarily because CISOs focus on technological defenses when they should also be patching their colleagues with regular simulated ransomware attacks and security awareness training. »
« The problem with ransomware attacks is that they are not always immediately apparent, » Bastable said, « the attack can be undetected for a relatively long time before being triggered. » The New Orleans attack could well have been « initiated in parallel with the recent Louisiana attack, » according to Bastable.