author photo
By Bruce Sussman
Thu | Nov 21, 2019 | 10:39 AM PST

When Louisiana's governor announced the ransomware attack on Twitter, his words downplayed the situation:

louisiana-governor-ransomware-tweet

It was an "attempted" ransomware attack, and the cybersecurity team jumped on it.

We're sure the security team did jump on it, however, we also know these types of attacks spread quickly—like the norovirus does in a school.

So we're unsure why the governor tweeted several additional times about the "attempted" attack unless he was just trying to make it seem less serious than it was.

If this was only an attempt, we don't want to see what a real ransomware attack looks like. 

Louisiana ransomware attack: long-lasting impacts

Here's one example of a significant impact from the attack that has dragged on much longer than anyone predicted.

Louisiana's Office of Motor Vehicles (OMV) closed on Monday, the day the ransomware outbreak hit.

The state anticipated reopening its 79 OMV locations on Tuesday. Then the timeline was pushed to Wednesday.

This was followed by a Wednesday night announcement by the Office of Motor Vehicles:

"Due to continued efforts to restore network and online services, statewide. OMV locations will remain closed Thursday morning, November 21, 2019. Officials with the Louisiana Office of Motor Vehicles and the Office of Technology Services have worked continuously since the beginning of the incident making progress to ensure all public systems are operational and ready for full service. Individual office openings will be evaluated as electronic services are restored throughout the morning."

Is all of this from an "attempted" attack on the state's servers? That is what the governor called it.

Louisiana's Deputy CIO explained to WBRZ what is taking so long to get the OMV rolling again:

"Those individual work stations were very hard hit with the workers in those offices," Deputy Chief Information Officer Neal Underwood said. "We have to go out around the state and touch each one of those work stations to take all the infected software off and put the new software on before we can open the office back up."

Louisiana ransomware attack: widespread impacts

In addition to recovery taking longer than anyone publicly predicted, the widespread nature of the ransomware attack is also being revealed one nugget at a time.

The state reported seven agencies as having been impacted in some way: the Department of Public Safety, Office of Juvenile Justice, Department of Health, Department of Education, Department of Environmental Quality, Department of Revenue, and the Division of Administration.

Now, we also know the ransomware attack impacted some of Louisiana's most vulnerable residents. The Advocate uncovered this one:

"The Department of Children and Family Services said Tuesday it was still dealing with the fallout from the computer issues. The child abuse and neglect line was available, but staff was still having trouble accepting reports. The agency's customer portal remained affected and child support payments could be delayed by at least a day, the department said."

And there were some impacts that perhaps no one saw coming, like the ability of trucking companies to move inventory to customers.

Check out this clip from Freightwaves, a trucking industry publication:

One company, Triple G. Express Inc., headquartered in New Orleans, said it couldn't move overweight intermodal containers for the company's primary account headed to the Port of New Orleans on Monday.

"Any overweight load was halted because we had no way of getting permits whatsoever," Mason Guillot, dispatcher with family-owned Triple G, told FreightWaves.

Approximately 50 of Triple G's 100-plus owner-operators were affected by the state systems being down, Guillot said.

These things provide more evidence that cyberattacks impact the physical world.

And they also provide evidence that this was more than an "attempted" attack, as the governor referred to it, although that terminology is still shaping headlines:

louisiana-attempted-cbyerattack

What started the Louisiana ransomware attack?

We are also learning how hackers got into the Louisiana state systems to begin the ransomware attack. WBRZ reported on this angle. It sounds like a possible case of shadow IT:

According to Cybersecurity Commissioner Jeff Moulton, the ransomware attack stemmed from an unapproved software download containing a virus. Moulton called the incident a case of "user error."

The software affected roughly 600 computers, and about 130 servers need to be rebuilt. That's less than 10 percent of the state's servers, Moulton said, although bosses at the Division of Administration later increased the assumption of affected computers to as many as 1,600 across 132 servers.

One thing our readers will be interested in: the Cybersecurity Commissioner says the state had an incident response plan ready and quickly put it into place, which is why the damage wasn't even worse.

So what do you think about the ways government officials or organizations characterize a cyberattack? How clear or explicit does this messaging need to be?

[RESOURCE: SecureWorld's regional cybersecurity conferences]

Comments