Louisiana activated its cybersecurity team after the state was targeted in an attempted ransomware attack similar to those aimed at government organizations and local school districts during the summer, newly re-elected Governor John Bel Edwards tweeted Monday.
“The Office of Technology Services [OTS] identified a cybersecurity threat that affected some, but not all state servers,” Edwards said, explaining that “OTS immediately initiated its security protocols and, out of an abundance of caution, took state servers down, which impacted many state agencies’ e-mail, websites and other online applications.”
Public statements that Edwards made after previous “ransomware incidents impacting Louisiana school districts in July of 2016 suggested that [the] incidents were ‘severe, intentional security breaches,’” Kimberly Goody, manager, cybercrime analysis, at FireEye said. “Although specific details about the malware and attacker TTPs from the [earlier] incidents were not made public, this language is consistent with the type of broad distribution of ransomware we have seen post-compromise by users of Ryuk, LockerGoga, Robinhood and others.”
The latest attacks seem to be more of the same. State and local governments have been plagued by ransomware attacks, particularly over the last year, with publicly reported incidents nearly doubling in 2019 over 2018, Goody said. “Typically, these attacks have involved the distribution of ransomware post compromise en masse through a victim environment,” she said. “This methodology allows threat actors to maximize their disruption of the victim organization, effectively increasing the likelihood that the victim will acquiesce to ransom demands.”
Louisiana’s servers were already coming back up by the afternoon and Edwards said the state, which did not pay a ransom, didn’t anticipate any data loss.
The attempted attacks, occurring just two days after Edwards's victory in Saturday's election, sparked speculation that they were related to that contest. “It's not a coincidence that Louisiana's systems were attacked during an election,” said Seth Blank, director of industry initiatives at Valimail and co-chairman of the Election Security Special Interest Group (ES-SIG) of the email industry group M3AAWG. Indeed, the Louisiana governor's race attracted nationwide attention, with President Trump visiting the state three times in the past month - the last time on the eve of the election - to boost Edwards's opponent, Eddie Rispone.
“While it’s fortunate the incident does not appear to have disrupted election activity, we can expect to see similar attacks as the 2020 election draws near, and other states may not be so lucky,” said Blank. “Given how many cities have been taken offline due to ransomware, there’s a very real threat to election integrity for municipalities that implement computer-based voting, electronic pollbooks, digital vote tabulation, or digital transmission of voting results — which is to say, virtually all of them.”