Unauthorized download contained virus that crippled La. government internet services, sources say

Published: Nov. 19, 2019 at 8:44 AM CST
Email This Link
Share on Pinterest
Share on LinkedIn

An apparent “ransom” attack crippled much of the Louisiana state government Monday.

Someone downloaded an unauthorized program containing a virus to a state computer, according to state cyber-security commissioner Jeff Moulton.

The virus was contained to 130 servers, impacting less than 600 clients. The software on each computer will need to be removed and re-installed through a process called re-imaging, but no data was compromised.

An administrator at the Office of Motor Vehicles (OMV) says it appears the state was hit by a ransomware attack. The Office of Technology Services (OTS) later confirmed this.

The attack, which was first reported around 11 a.m. Monday, forced a shutdown of state agency websites, as well as internet and email access. Governor John Bel Edwards says OTS immediately initiated security protocols and out of an abundance of caution, took down state servers, which is what impacted numerous state agencies’ email, website, online applications, etc.

Websites for the Office of the Governor, Louisiana State Legislature, Office of Motor Vehicles, Department of Corrections, and more were affected. The large-scale outage prevented OMW workers from performing most functions and customers were encouraged to return at a later time.

Louisiana State Police confirmed OMV offices will not be open at all Tuesday.

The public is being asked to exercise patience and only visit OMV locations for critical needs. Filing Unemployment Insurance claims could be delayed until later in the day.

Members of the public with business that is not available online should call the agency they need to work with directly.

“While it is nearly impossible to prevent all cyber attacks, because we have prioritized improving Louisiana’s cybersecurity capabilities, we were able to quickly neutralize the threat. The majority of the service interruption seen by employees and the public yesterday was due to our aggressive actions to combat the attack,” Commissioner of Administration Jay Dardenne said. “We are confident we did not have any lost data and we appreciate the public’s patience as we continue to bring services online over the next few days.”

A hacker can use ransomware to block access to a computer system, usually by encrypting it, until the “victim” pays a monetary ransom.

“Typically, ransomware includes a ransom,” an OMV official said.

Gov. Edwards tweeted Monday evening that the state did not pay a ransom.

Once the ransom software is installed “it would require a ransom to be paid before the attackers remove the virus,” the official said.

The issue also prevented business from being done at any of the state’s 79 OMV locations. A worker at The Louisiana Department of Health (LDH) said employees there were instructed to disconnect their computers from the network. Some trucking companies in the state are having to keep trucks off the road as they are unable to go onto the DOTD website to apply for and print out things like “overweight” permits.

Division of Administration spokesman, Jacques Berry, reached by phone, says there’s a “system issue,” but did not elaborate. He later added that no personal data has been put at risk.

Some online services began to come back online around 5 p.m. Monday evening. Gov. Edwards tweeted about the incident:

"OTS has confirmed that this attempted ransomware attack is similar to the ransomware targeted at local school districts and government entities across the country this summer. There is no anticipated data loss and the state did not pay a ransom.The service interruption was due to OTS’ aggressive response to prevent additional infection of state servers and not due to the attempted ransomware attack. Online services started to come back online this afternoon, though full restoration may take several days."

Edwards went on to say the state’s cyber security team was activated Monday to respond to the attempted ransomware attack. The governor’s commissioner of administration, Jay Dardenne, released the following statement Monday evening:

“No one is immune to these attempted cyber attacks, which is why Governor Edwards’ has focused on building Louisiana’s cybersecurity capabilities. Our experts train and prepare for these types of incidents and have been successful in mitigating similar issues in the past, including this summer when our teams successfully brought services back online following the cyber attack on local schools. We have confidence in our cyber safeguards, capabilities and personnel and we are working to bring as many online services back online as quickly as we can.”

It’s expected that the full restoration of state services could take several days, according to the Office of the Commissioner.

Copyright 2019 WAFB. All rights reserved.