By Bruce Sussman
Tue | Nov 19, 2019 | 8:35 AM PST

If you are a prominent figure and want news to spread fast, don't bother with a press release. Just post something on Twitter and the world will know what you've shared.

And that is how Louisiana Governor John Bel Edwards announced that the state is recovering from a ransomware attack. He posted a string of tweets about what is happening now in the state.

Louisiana ransomware attack announced on Twitter

This is how the news came out from @LouisianaGov:

"Today, we activated the state's cybersecurity team in response to an attempted ransomware attack that is affecting some state servers. The Office of Technology Services identified a cybersecurity threat that affected some, but not all state servers. #lagov #lalege"


That led to a long string of tweets, which detailed the state's response to the ransomware attack. All of these are from @LouisianaGov.

"OTS immediately initiated its security protocols and, out of an abundance of caution, took state servers down, which impacted many state agencies' e-mail, websites and other online applications."

"The service interruption was due to OTS' aggressive response to prevent additional infection of state servers and not due to the attempted ransomware attack. Online services started to come back online this afternoon, though full restoration may take several days."

"OTS has confirmed that this attempted ransomware attack is similar to the ransomware targeted at local school districts and government entities across the country this summer. There is no anticipated data loss and the state did not pay a ransom."

".@LAStatePolice and several federal agencies are investigating this attempted ransomware attack."

Louisiana ransomware attack disrupts driver tests and licensing

The attack hit on the morning of Monday, November 18, 2019, and impacted some public-facing services, including the Office of Motor Vehicles, which closed early Monday and re-opened late on Tuesday. Here is the OMV's announcement:

Louisiana cyberattack was Ryuk ransomware

Ransomware comes in a lot of shapes, sizes, and flavors. In the Louisiana cyberattack, Ryuk ransomware was the variant used by cybercriminals.

Local publication The Advocate uncovered this nugget:

"The IT team noticed the irregular pattern, saw that it was the Ryuk virus, which encrypts files, and didn't read the ransom note, said Jacques Berry, spokesman for the Division of Administration. Instead, the team found where virus was attached to the programs and shutdown computers to avoid infecting other systems, Berry said."

How much will ransomware mitigation cost Louisiana?

Right now, it appears the State of Louisiana is in better shape than other government agencies hit by ransomware attacks in 2019. As we've reported, Florida became the ransomware state, and cities sent hackers nearly $1 million in ransom.

And in Baltimore, ransomware ravaged the city network. However, it refused to pay cybercriminals and then spent more than $18 million to restart and rebuild. See "Baltimore Mayor: This Is Why I Didn't Pay the Ransom" for insight into the city's decision.

There continues to be a debate about ransomware attacks: to pay, or not to pay?

Louisiana cyberattack happens days after cyber announcement

The ransomware attack hit Louisiana state systems one week after the governor committed $10 million in state funding to build a new, state-of-the-art Louisiana Tech Research Institute (LTRI), which is focused on cybersecurity. It is also an effort to support cyber development for national security purposes.

There's no way to know if that news encouraged a hacker to attack the state systems, but believe it or not, you can track the sheer volume of malware to headline-making news:

"Know, for your enterprise, if there is something happening in your city or state, or an election or military tension between your country and another, there will be malware that is on the rise, I can promise you that."

That's from Kenneth Geers, a Senior Fellow of the Atlantic Council. He's spent years tracking geopolitical events and their impact on cyberattacks. A great example is the malware spike that follows President Trump around the globe. 

If you're in Louisiana, maybe you can read that article while you wait for all of the state computer systems to come back online. 
