Local, state, and federal officials are investigating a cyberattack that crippled the City of New Orleans on Friday, forcing the city to declare a state of emergency and shut down computer networks and servers.
Kim LaGrue, the chief information officer for the city of New Orleans, said that suspicious activity was first detected on the computer networks around 5 a.m. Friday. Attempted attacks on the computers spiked around 8 a.m. So far it appears the intrusions involved phishing attempts and ransomware, although the city said it did not receive a demand for ransom money.
Mayor LaToya Cantrell said that about 4,000 computers will need to be scrubbed before they go online again. Employees across multiple city agencies were told to power off and unplug their computer systems.
Critical public services, such as 911 and the New Orleans Police and Fire Departments, were not affected by the cyberattack, but some non-emergency services may be slowed as the city works to recover. The New Orleans Advocate published a list of city agencies and how they have been affected by the attack. Many agencies have been forced to record data manually instead of keying information in digitally.
The agencies most affected by the cyberattack appear to be Traffic Court and Municipal Court, which will remain closed on Monday and Tuesday. The attack may also affect Thursday’s City Council meeting, Council president Helena Moreno said in a statement Sunday. The Dec. 19 meeting is the city’s last meeting for 2019.
City officials, the Louisiana State Police, the Louisiana National Guard, the FBI and the Secret Service are all investigating Friday’s cyberattack – the latest in a series of attacks that have targeted the cities of Atlanta and Baltimore, 23 cities in Texas, Louisiana’s Office of Motor Vehicles, and the Pensacola Naval Base, among others.
According to MIT Technology Review, government computer systems are “juicy” targets for cybercriminals because city and state agencies “usually lack the resources or know-how to adequately protect their systems, and often run machines on outdated, unpatched software.”
Ransomware attacks are effective and extremely profitable for cyberthieves. Governments and other entities that have had their files or systems locked by ransomware usually have to choose between bearing the cost of recovering and repairing their systems and paying the ransom.
Investigators found that the November 2018 cyberattack on Atlanta’s computer systems was the work of Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, two Iranian nationals who developed the SamSam ransomware that encrypted the city’s computer system.
According to the Atlanta Journal-Constitution, the pair attacked more than 200 victims across the U.S. and collected about $6 million in ransom over a three-year period going back to 2015. Federal authorities estimate that the ransomware caused more than $30 million in losses to various entities.
In Atlanta alone, taxpayers were forced to foot about $17 million in costs associated with recovering from the assault on the city’s computer networks. In an indictment of the two Iranian men who staged the attack, the city says the attackers demanded $51,000 in the form of Bitcoin payments in exchange for encryption keys to recover the compromised data. Atlanta officials said that no ransom was paid to the attackers.
Lawyers in Beasley Allen’s Consumer Fraud Section handle claims of economic losses resulting from data breaches and other cyber security issues. For more information about these issues, contact Leslie Pescia.