Some Offices Still Closed After Louisiana Ransomware Attack

Nearly three-quarters of Louisiana’s motor vehicle offices remained closed Monday as state workers continue to respond to the lingering effects of a cyberattack that hit state servers two weeks ago.

by Sam Karlin, The Advocate / December 3, 2019
Shutterstock

(TNS) — Nearly three-quarters of Louisiana’s motor vehicle offices remained closed Monday as state workers continue to respond to the lingering effects of a cyber attack that hit state servers two weeks ago.

Karen St. Germain, Commissioner of Louisiana’s Office of Motor Vehicles, said 28% of the state’s 79 OMV locations were up and running, with another six slated for soft openings Monday.

And none of the offices that are open are fully functional, she said, with license reinstatements still down at most locations. The agency has opened several of the offices in bigger metro areas like Baton Rouge, Lafayette and New Orleans, and many of them are processing vehicle registrations and drivers licenses.

The agency is opening offices “as fast as we possibly can,” St. Germain said, adding officials worked through the weekend to restore service at the locations. Workers are dealing with a decades-old computer system that has made getting the agency up and running more difficult.

The closures at motor vehicle offices indicate the cyber attack that officials called largely unsuccessful was still hampering state services two weeks after the fact. OMV's servers were among the systems hit with the ransomware attack, while a host of other agencies saw temporary disruptions after officials shut down computer systems after the attack.

While people are unable to reinstate their driver’s licenses, Louisiana State Police said its officers would continue to use discretion for people driving with recently-expired licenses until OMV offices reopen.

Two weeks ago, a ransomware attack – triggered by what officials suspect was an employee opening a sketchy link – hit several state servers including at the Office of Motor Vehicles. The state quickly shut down network traffic to prevent the spread, and have subsequently brought most of the state’s offices back online. Gov. John Bel Edwards said the state did not pay a ransom or lose data, and he said the effects could have lasted weeks or months under a worst-case scenario. Ransomware attacks typically lock users out of their computers until they pay a ransom, and the attackers threaten to delete the data if they aren’t paid.

Edwards activated the state’s cybersecurity response team after the attack. He also declared a state of emergency, allowing OMV and other agencies to forgive fines and fees for people unable to take care of business because the computers were down.

The computers at OMV offices have to be “reimaged,” meaning software had to be wiped and reinstalled. The computer system is about 40 years old, St. Germain said, adding to the problems.

Nick Manale, a public affairs lieutenant with Louisiana State Police, said the public can check to see if their city’s location is open at https://offices.omv.la.gov/.

Officials declined to offer a timeline for when OMV offices might be all open and fully functional.

“It’s just a fluid situation,” Manale said. “They’re literally having to go to each computer at each office and reimage it and get it back online.”

The OMV also has 160 privately-owned tag shops around the state, dozens of which have come back online but which also faced connectivity issues.

State workers found the virus in the early morning of Nov. 18, and shut down the state’s servers. Last week, doors opened at some OMV offices in larger areas of the state, including Baton Rouge and New Orleans, to long lines from customers who had waited a week to get a license or registration.

Louisiana Secretary of State Kyle Ardoin said the state’s election system was not affected by the attack.

Edwards said in a press conference on Nov. 21 that the ransomware attack was “largely unsuccessful” because the state didn’t pay a ransom or lose data. He also said the effects could have lasted months if the attackers were successful in taking over large numbers of servers.

In May, it took the city of Baltimore more than a month to restore its computer system after a similar attack. Atlanta spent nearly $3 million recovering services after databases were destroyed last year. Experts said the attack on Louisiana was likely conducted by professional criminals who target poorly-funded government agencies.

The attackers infiltrated 10% of the state’s 5,000 servers, officials have said, and about 1,500 of 30,000 computers were damaged.

“It is the new normal, to be honest with you,” Edwards said. “And it’s not going to go away.”

©2019 The Advocate, Baton Rouge, La. Distributed by Tribune Content Agency, LLC.

Platforms & Programs