Delaware, USA – November 19, 2019 – After a break, the cybercriminals resumed attacks on government systems in the United States. This time, the adversaries set their sights on Louisiana state government systems immediately after Governor John Bel Edwards was re-elected for a second term. The attack occurred on Monday, around 11 a.m. and at the moment it is not known which malware strain was used during the attack. Governor John Bel Edwards stated that the Office of Technology Services initiated security protocols and took down state servers to contain the infection. The state decided not to pay the ransom since only a small number of servers were infected, and no essential data was lost. Despite the fact that shutting down of the state servers impacted many state agencies’ e-mail, websites and other online applications, by the evening of Monday some services began to come back online and at the moment all affected websites are back to life, but full recovery of all systems may take some more time.
This is not the first ransomware attack targeted at Louisiana this year. A few months ago, attackers conducted cyberattacks on school districts in Sabine, Morehouse, and Ouachita locking their systems with ransomware, and the Louisiana governor declared a state of emergency. Probably it was the time when protocols that prevented serious damage in the recent attack were developed. Recall that approximately a month after the first attack on Louisiana, attackers successfully disabled 23 government agencies in Texas. You can use your SIEM and Ransomware Hunter rule pack to spot signs of ransomware attack at every stage of Cyber Kill Chain: https://my.socprime.com/en/integrations/ransomware-hunter