IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Unauthorized Download Led to Louisiana Ransomware Infection

Officials revealed to local media Wednesday that a minor security slip that led to the recent cyberincident. The state, while having mostly recovered, will need a few days for all services to be up and running.

In Louisiana, the unauthorized download of a program onto a government computer caused the infection that shutdown a majority of state agency websites and temporarily halted service delivery for dozens of state offices earlier this week.

That's according to Cybersecurity Commissioner Jeff Moulton, who spoke Wednesday with a local news outlet about the incident. Moulton, who is one of the members of the Governor's cybercounsel, said the infection ultimately spread to 130 servers and affected around 600 computers — from which officials say they will now have to remove and reinstall software.    

Early identification of the infection, discovered Monday morning, spurred officials with the Office of Technology Services (OTS) to initiate security protocols and shut down a majority of servers. This affected websites, email and Internet access for many agencies including the Office of the Governor, the Office of Motor Vehicles (OMV) and the Louisiana State Legislature, among others. 

Because of a prompt response, no data is believed to have been lost, state email is coming back online and a majority of government functions were protected rather than paralyzed. No ransom was paid, officials said.

While state residents did see temporary, but widespread, lapses in service delivery. Phone lines at the Children and Family Services department were down for several hours, hunting licenses could not be purchased, trucking operations were affected, and some 79 OMV offices being shutdown. But by Wednesday, most of the websites that had been taken offline were back up and running. Though some offices — like the OMV — will remain closed as ongoing network restoration takes place, government is expected to be back to normal within a few days.   

OMV Locations to Remain Closed Wednesday Due to continued efforts to restore network and online services, statewide OMV locations will remain closed Wednesday, November 20, 2019. As electronic services are restored, office openings will be evaluated and announced to the public. — LA State Police (@LAStatePolice) November 20, 2019
The relatively quick rebound that Louisiana is seeing is no doubt thanks to a number of safeguards that the state's Gov. John Bel Edwards has put in place over the last several years.

That includes the creation of ESF-17, the emergency response function designed to deal with cyberincidents. Monday, as with the attack in July, the state was able to mobilize a response team through the Governor's Office of Homeland Security and Emergency Preparedness (GOHSEP), sending a mix of personnel and resources to address the infection.  

The formation of the Louisiana Cybersecurity Commission — of which Moulton is an important member — has also been an important step in making sure the state has a diversity of stakeholders onhand and ready to contribute to response and recovery efforts.   

The governor's office released a statement Tuesday to address the ongoing efforts to recover the state systems. 

"State websites and many online government services that were taken down yesterday are now available Tuesday, as the state’s cybersecurity experts continue to respond to an attempted ransomware attack on state servers early Monday morning," read the statement from Edwards' office Tuesday. "OTS has confirmed that this attempted ransomware attack is similar to the ransomware targeted at local school districts and government entities across the country this summer." 

The attack is currently being investigated by the Louisiana State Police and "federal partners." 

Lucas Ropek is a former staff writer for Government Technology.