New Orleans Staves Off Ransomware Attack After State of Emergency

The city of New Orleans declared a formal state of emergency on Dec 14, 2019 after a "cyber security event" was identified. There is evidence that the city's municipal networks were attacked with the Ryuk ransomware - one of the most common tools used by bad actors throughout 2019.

Suspicious activity on the New Orleans city network was first spotted in the early morning hours on Dec 13. Within hours, there were observable spikes of similar activity, which led to the IT security staff in charge of the city's network to perform an emergency shutdown of computers and servers in order to mitigate data loss and potential ransomware encryption impact. It was this rapid and network-wide shutdown that caused the city to declare a state of emergency, as a number of municipal services that relied on the network were not offline.

The good news is that the services vital to the safety of the city and its population - fire response units, police, and emergency medical services - are able to communicate and work while off the grid. Given that the city reported "very minimal" data loss in the incident, it would appear the city was adequately prepared for a possible attack. The city's Chief Information Officer Ms. LaGrue stated her team is always monitoring for similar risks and suspicious activity.

There has been no official announcement concerning the source of the attack, which is still under investigation, nor concerning any ransom demands and their magnitude.

There have been over 100 attacks on state networks located in various US states during 2019, and Ryuk has been instrumental in a significant number of them. A very recent example was the attack on state networks in Louisiana in November 2019 that led to more shutdowns of big agency servers.