Targeted ransomware attacks on banking and finance, government, healthcare, and critical infrastructure are on the rise, with the latest victim being the state government of Louisiana.
The state government of Louisiana was hit by a large-scale coordinated ransomware attack yesterday, which forced the state to take several state agency servers offline, including government websites, email systems, and other internal applications, to mitigate the risk of the malware’s infection from spreading.
The Monday’s ransomware attack resulted in the subsequent shutdown of a majority of large state agencies, including the Office of the Governor, the Office of Motor Vehicles, the Department of Health, the Department of Children and Family Services, and the Department of Transportation and Development, among others.
Louisiana Gov. John Bel Edwards revealed the incident in a series of tweets, saying that he had activated the state’s cybersecurity team in response to the cyber attack and that the shutdown of services was due to the state’s response and not due to the attack.
Ransomware attacks involve cybercriminals encrypting files and locking them up so users can’t access them without paying a ransom amount, which they demand typically in Bitcoin to give the user access to those files again.
Edwards noted that the Louisiana State Police and several federal agencies are already investigating the cyberattack that impacted nearly every major state agency.
This is the second major ransomware attack that Louisiana suffered this year. In July 2019, Louisiana declared a state of emergency following a coordinated ransomware outbreak that disrupted nearly half a dozen school districts.
Governor Edwards also confirmed that Monday’s cyber attack is similar to the July’s ransomware attack.
At this time, it’s unclear what family of ransomware malware was used in the latest attack, how the ransomware got into the state’s systems, and how much amount the attackers have demanded as a ransom.
However, the governor has assured that there is “no anticipated data loss” and that “the state did not pay a ransom.”