New Orleans & Cybersecurity

In mid-December, the city of New Orleans suffered a cybersecurity breach so severe the mayor declared a state of emergency, demonstrating a significant change in the cybersecurity landscape moving into the New Year.

The ransomware attack in New Orleans began about 5 a.m. Dec. 13, when “suspicious activity” was detected on the city’s network, according to NOLA Ready, a local emergency preparedness campaign managed by the Office of Homeland Security and Emergency Preparedness. Citing a tweet from NOLA, Forbes magazine reported “activity indicating a cybersecurity incident was detected around 11 a.m.” More than 4,000 city computers were affected.

Upon detecting the suspicious activity, the city’s IT department ordered all employees to shut down their computers, disconnect from the Wi-Fi, and unplug their devices. The city powered down all its servers.

Damage Caused by Cybersecurity Breach

Later that day in a press conference, Mayor LaToya Cantrell confirmed the security breach was due to ransomware, which infects a network or device and encrypts the data, making it unusable until the owner pays a ransom. Cantrell filed a declaration of a state of emergency with the Civil District Court, stating in the document that the city of New Orleans anticipates “various state and city agencies will need to work cooperatively to mitigate any damage, current or future, as a result of the cybersecurity incident.”

New Orleans Chief Information Officer Kim LaGrue told WWNO, a station affiliated with New Orleans Public Radio, that the city was “prepared for a ransomware attack,” which means they had backups of the targeted data. According to LaGrue, the attack didn’t progress to the point where a ransom was demanded. The city’s strategy is to simply recover the data and return the system to normal.

However, while IT engineers inspected the affected computers and systems, many city employees – including the police department – were unable to access the technology necessary to perform their jobs. Meanwhile, the cost of rebuilding the city’s computer network was approaching $1 million as of Dec. 16.

City officials from New Orleans have not publicly identified what type of ransomware was deployed in the attack. Still, several cybersecurity experts believe the likely weapon was RYUK, which hit state government servers in November, according to NOLA Media Group. RYUK, which is tied to organized crime, is a type of ransomware that infiltrates a computer, encrypts files, and demands payment – often in bitcoin – to decrypt the information.

Cyber Threats: A Perpetual Problem

According to Forbes, the FBI on Oct. 2 issued a cyber-attack warning in response to attacks on state and local governments, healthcare organizations, industrial companies, and the transportation sector. While the frequency of attacks remains about the same, the sophistication of the attacks is increasing. They also are more targeted and costly for victims.

NOLA Media Group cited a study from Emsisoft released in mid-December that claimed the U.S. faced an “unprecedented and unrelenting barrage of ransomware attacks” in 2019. Nationwide, approximately 103 state and local governments and agencies, 759 healthcare providers, and 86 school districts, universities, and colleges were hit by cybersecurity attacks.

Heading into 2020, both public entities and private businesses should ensure they are protected against digital infiltration perpetrated by organized crime groups and individual actors. This means not only implementing safeguards against attacks on business tech but also having a disaster response plan. IT companies such as Integrated Axis Technology Group (IA) provide IT security services to ensure businesses’ networks are protected in the face of evolving cyber threats. From risk assessment and analysis to penetration testing and network monitoring, Integrated Axis can help companies in the Tucson area strengthen their ability to mitigate and recover from cybersecurity attacks in the New Year.