Unauthorized download contained virus that crippled La. government internet services, sources say


(WAFB) - An apparent “ransom” attack crippled much of the Louisiana state government Monday.

Someone downloaded an unauthorized program containing a virus to a state computer, according to state cyber-security commissioner Jeff Moulton.

The virus was contained to 130 servers, impacting fewer than 600 clients. The software on each computer will need to be removed and re-installed through a process called re-imaging, but no data was compromised.

An administrator at the Office of Motor Vehicles (OMV) says it appears the state was hit by a ransomware attack. The Office of Technology Services (OTS) later confirmed this.

The attack, which was first reported around 11 a.m. Monday, forced a shutdown of state agency websites, as well as internet and email access. Governor John Bel Edwards says OTS immediately initiated security protocols and, out of an abundance of caution, took down state servers, which is what impacted numerous state agencies’ email, websites, online applications, etc.

Websites for the Office of the Governor, Louisiana State Legislature, Office of Motor Vehicles, Department of Corrections, and more were affected. The large-scale outage prevented OMV workers from performing most functions, and customers were encouraged to return at a later time.

OMV locations were slated to reopen at noon on Tuesday as technicians continue to restore network and online services.

Signs posted on the front door of the main offices on Goodwood Boulevard indicated the building would be closed Tuesday. Louisiana State Police confirmed the offices will not be open at all Tuesday.

The public is being asked to exercise patience and only visit OMV locations for critical needs. Filing Unemployment Insurance claims could be delayed until later in the day.

Members of the public with business that is not available online should call the agency they need to work with directly.

“While it is nearly impossible to prevent all cyber attacks, because we have prioritized improving Louisiana’s cybersecurity capabilities, we were able to quickly neutralize the threat. The majority of the service interruption seen by employees and the public yesterday was due to our aggressive actions to combat the attack,” Commissioner of Administration Jay Dardenne said. “We are confident we did not have any lost data and we appreciate the public’s patience as we continue to bring services online over the next few days.”

A hacker can use ransomware to block access to a computer system, usually by encrypting it, until the “victim” pays a monetary ransom.

“Typically, ransomware includes a ransom,” an OMV official said.

Gov. Edwards tweeted Monday evening that the state did not pay a ransom.

Once the ransom software is installed “it would require a ransom to be paid before the attackers remove the virus,” the official said.

The issue also prevented business from being done at any of the state’s 79 OMV locations. A worker at the Louisiana Department of Health (LDH) said employees there were instructed to disconnect their computers from the network. Some trucking companies in the state are having to keep trucks off the road as they are unable to go onto the DOTD website to apply for and print out things like “overweight” permits.

Division of Administration spokesman, Jacques Berry, reached by phone, says there’s a “system issue,” but did not elaborate. He later added that no personal data has been put at risk.

Some online services began to come back online around 5 p.m. Monday evening. Gov. Edwards tweeted about the incident:

Edwards went on to say the state’s cyber security team was activated Monday to respond to the attempted ransomware attack. The governor’s commissioner of administration, Jay Dardenne, released the following statement Monday evening:

“No one is immune to these attempted cyber attacks, which is why Governor Edwards has focused on building Louisiana’s cybersecurity capabilities. Our experts train and prepare for these types of incidents and have been successful in mitigating similar issues in the past, including this summer when our teams successfully brought services back online following the cyber attack on local schools. We have confidence in our cyber safeguards, capabilities and personnel and we are working to bring as many online services back online as quickly as we can.”

It’s expected that the full restoration of state services could take several days, according to the Office of the Commissioner.

Copyright 2019 WAFB. All rights reserved.