New Orleans Declares State of Emergency After Ransomware Attack

The recent cyberincident appears to have impaired a number of large city systems, but officials say recovery efforts are underway. The ransomware is the third large attack in the state this year alone.

by / December 16, 2019
Shutterstock

A ransomware attack Friday morning forced the city of New Orleans to shut down its computer system and network, declaring a state of emergency. 

While the impacts of the attack have been called "minimal," they have affected some 20 city systems, 400 servers and over 7,000 terabytes of data, Mayor LaToya Cantrell said during a recent press conference. Around 4,000 computers will need to be scrubbed, she said.

An increasingly common occurrence for state and local governments, the cyberattack is the third large ransomware incident to strike Louisiana in 2019 alone, following two previous large-scale attacks on state government in July and November, respectively.  

City officials first began noticing suspicious activity on the city's network around 5 a.m. Friday, before ultimately declaring a "cyberincident" around 11 a.m., after evidence of phishing attempts and ransomware were discovered. Servers were subsequently powered down and emergency policies implemented, Cantrell said Friday.

Those policies included the emergency declaration — which gives Cantrell the authority to suspend the provisions of any local law or ordinance that would "prevent, hinder or delay necessary action for coping with the emergency," according to the document.  

"The city remains actively involved in recovery efforts related to the cybersecurity incident last Friday, and individual agencies and departments will be impacted in various ways," said the mayor in a statement Sunday. "The city asks residents and vendors for their patience and understanding as our Information Technology team works to restore all operations to normal," she said.  

At the same time, the city officials are now working together with the Louisiana National Guard and cybersecurity teams at both the state and federal level, said Kim LaGrue, the city's CIO, during a Sunday press conference.  

"A digital forensic investigation is still in progress," said LaGrue. "There is much that we are still learning about this attack. The mechanisms [that were used] and what was significantly compromised. We expect that data loss will be very minimal." 

Officials said this weekend that while ransomware was present in the city's system, they were so far unaware of a ransom.   

As of Monday, the city had declared that its city hall would be open for normal business hours. Though nola.gov services are still down, a temporary website has been set up to help residents with services, Cantrell said Sunday. Public safety services were largely unaffected by the attack. 

New Orleans now joins the ranks of major U.S. cities — like Baltimore and Albany — to be struck by ransomware in a year when such cyberattacks rose to prominence as a threat to state and local government. Similar attacks also plagued smaller cities in Texas, Florida, and many other states across the country. 

Lucas Ropek Staff Writer

Lucas Ropek is a staff writer for Government Technology. He has worked as a newspaper reporter and writer in Massachusetts and New York. He received his Bachelor's degree in English from Kenyon College in Ohio. He lives in Northern California.

Platforms & Programs