14 Dec 2019
It seems like something that only happens in movies and TV shows:
It’s Friday the 13th. You, your colleagues, your entire department, in fact the entire city, receive the same command to power down your computers immediately and disconnect all devices from the network.
But this wasn’t a movie and it wasn’t a TV show… This actually happened to the city of New Orleans’ employees right before lunchtime on December 13th this year. It was a cyber attack so serious, in fact, that the New Orleans Mayor, LaToya Cantrell, declared a State of Emergency.
Around 5 a.m. (local time) that morning, the City of New Orleans’ emergency preparedness campaign, NOLA Ready, which is managed by the Office of Homeland Security and Emergency Preparedness, sent out a Tweet stating that “suspicious activity was detected on the City’s network.”
Scary stuff, but it’s about to get even worse.
As investigations into the breach continued throughout the morning, NOLA Ready confirmed in another Tweet that a cybersecurity “incident” had in fact been detected, which is when they sent an order to all employees to power down and unplug. The cyber attack was so invasive, in fact, that the city was forced to power down all of its servers, as well.
Criminals today are holding data hostage, instead of humans, which seems, at first glance, to be a good thing.
However, a worrisome trend with hackers over the last few years has been their targeting of (notoriously under-secured) municipalities and medical practices. This practice can not only be extremely disruptive, but it also quite literally puts human lives at risk. In fact, it’s become so common that in October, the FBI felt compelled to issue a high-impact cyber-attack warning.
Cities and the healthcare industry make the perfect target because not only do they tend to be woefully unprepared for cyber attacks, but they also NEED the data that is being held hostage in order to operate, and, in some instances, save lives.
And this is exactly what happened to New Orleans.
Mayor Cantrell announced during a press conference that afternoon that the city had fallen victim to a ransomware attack that was so heinous, it necessitated the filing of a state of emergency.
Information on the attack is still just trickling in, and the city has been rather tight-lipped about the details of the attack. Here is what they aren’t telling us:
- Who the attacker is. However, what has been discovered is that the likely malware used is called “Ryuk,” which has ties to organized crime in Russia and Eastern Europe.
- If a ransom has been paid or even demanded. When data is first taken hostage, the malware generally creates a pop-up box containing a ransom demand, but New Orleans has been “mum” about that topic.
- Whether any data was stolen. Ransomware tends to just encrypt files and data on a computer or network. Once the ransom is paid, the attackers send code to decrypt the files, but that doesn’t mean the hacker can’t decide to also steal the data.
That being said, there is some good news. For example, emergency communications have not been compromised and public safety cameras are still recording. NOPD, NOFD and 911 call centers are also able to operate normally, so while this breach was extremely far-reaching in that it impacted just about the entire city, it could have been much more dangerous for the citizens of New Orleans.
Still, we really hope this incident will be an eye-opener for the rest of the country… A real wake-up call to cities around our great nation that they need to be better prepared for WHEN, not IF, they become cyber targets.