On Friday December 13, 2019, the City of New Orleans suffered a cyberattack which forced it to shut down its servers while the incident was investigated. The attack was discovered around 5am on Friday when suspicious activity was detected on the network. The decision was taken to shut down its servers around 11am and employees were told to turn off their computers in an attempt to contain the attack. The City’s Emergency Operations Center was activated to manage the interagency response to the suspected attack and a State of Emergency was declared.
Initially it was unclear whether ransomware had been deployed as no ransom demand had been issued. New Orleans Head of IT, Kim LaGrue, later confirmed that ransomware had been found and numerous phishing attempts had been detected. It is unclear whether the ransomware was deployed following a response to a phishing email.
The city is now working to restore its systems. As of this morning, most services are operational as are all emergency services, which were unaffected by the attack. Fortunately, New Orleans is well prepared for cyberattacks. Emergency procedures allow services to continue even without internet access. That said, recovery is likely to take several days. “We’re looking to provide more information about city services and how quickly we can bring them back online very soon,” said LaGrue.
According to a report on Nola.com, around 4,000 computers will need to be wiped and rebuilt and 400 servers have also been affected.
No announcement has been made about the type of ransomware used in the attack and whether any files were encrypted. Bleeping Computer has reported that it has obtained some evidence that suggests Ryuk ransomware was used.
This is the second major ransomware attack on a U.S. City in the past week. The City of Pensacola in Florida was also attacked with ransomware. That attack did result in widespread encryption by Maze ransomware. The attackers demanded payment of a $1,000,000 ransom for the decryption keys. It is currently unclear whether the ransom has been paid.