Governor of Louisiana John Bel Edwards has declared a state of emergency after a malware attack in Louisiana. The attack hit Louisiana state systems on July 8. The Monroe city school system first reported the incident. Shortly thereafter the Sabine Parish school system reported a virus on its website.
Officials released a statement saying that: “The virus has disabled some of our technology systems and our central office phone system”. This widespread attack targeted the phone and computer systems of various school districts in the state.
The declaration made by the governor on Wednesday, July 24 will remain in effect through August 21. As a result, the primary point of concern is the ability for the effects of such an attack to spread to other mission critical systems.
According to the emergency declaration the event is described as multiple “severe, intentional cybersecurity breaches” affecting the Sabine, Morehouse, and City of Monroe school systems.
This is the state’s first cybersecurity emergency. The declaration of a state of emergency allows the state to call upon additional resources while responding to the incident.
Malware attack response team
Luckily for the state of Louisiana a recently created emergency support function was activated to assist in the aftermath. Therefore, the governor was able to call upon numerous supporting agencies. These include the Governor’s Office of Homeland Security, the Louisiana State Police and National Guard, the statewide Office of Technology Services, and academic and private-sector experts who can provide insight and advice.
Legally, this means that the state government can send resources to assist local governments affected by the incident.
Other groups assisting with the investigation and recovery include the FBI, and Louisiana’s own Cybersecurity Commission.
This attack comes shortly after the cyber attack on Key Biscayne Florida indicating a marked shift in targets for cybercriminals.
Public sector breach count climbs
Cybercriminals are increasingly targeting smaller and less prepared organization. For instance, the recent malware attack against school districts shows that cybercriminals are looking for easier targets that may have less robust security practices.
Typically, attackers deliver malware via phishing emails. For instance, they may send an email that supposedly contains information about employees’ payroll. The attached document however would contain a malicious macro triggering the attack.
The use of a phishing email depends on careless or less trained employees to click a malicious link. Therefore, to increase the likelihood of a user clicking their link, hackers look for targets that are unlikely to have advanced security training programs. This circumvents nearly all the perimeter defenses that may be in place. Once the ransomware is within a network, it is trivial for it to move laterally and cause unspeakable havoc.
According to CNN, there have been 22 reported ransomware attacks on small municipalities and school districts this year alone. Cybersecurity officials expect this number to climb as attacks use increasingly sophisticated techniques to bypass even advanced security measures.
The malware attack in Louisiana is not new. Cybercriminals are targeting small and less prepared organizations to increase the likelihood of the victims paying the ransom. That was not the case in this attack. This attack was a bad day for the attackers.