Louisiana's state government came under a ransomware attack Monday that caused internet and website problems at a host of agencies, disrupting motor vehicles offices and other public-facing departments statewide.
"We are not going to open the Office of Motor Vehicles until Monday," Governor John Bel Edwards said at a press conference at the governor's mansion Thursday, adding the OMV needed the weekend to reboot. "I apologize for the inconvenience for this."
Edwards said people whose licenses are expiring during the time when the offices are closed will not be cited or fined for having an expired license, but that people should not use it as an excuse to be months late on renewing their licenses.
"We're going to make sure we're treating the public fairly," he said.
The Louisiana State Police said it will use "discretion" when encountering drivers with expired licenses and vehicle registrations. However, that "does not preclude troopers from taking appropriate enforcement action for other violations of state law," LSP said in a news release.
The IT team noticed the irregular pattern, saw that it was the Ryuk virus, which encrypts files, and didn’t read the ransom note, said Jacques Berry, spokesman for the Division of Administration.
Edwards said he activated the state's cybersecurity team in response in order to prevent further spread of the malware. He said the attack was "largely unsuccessful" because the state did not lose any data or pay any ransom, and that most of the issues will be resolved in a few days. The OMV was among the 250 of 5000 state servers that were hit with the ransomware attack, the governor said.
"There are lasting impacts at state agencies. We are working extremely hard to address those as we speak," he said. "It is the new normal, to be honest with you. And it's not going to go away."
The ransomware attack caused a host of state services to go down Monday, including results from the runoff election that occurred two days prior. The Louisiana Department of Health couldn't process certain Medicaid applications online. Many of the outages happened because the state shut down network traffic to prevent the attack from spreading.
The attack impacted the following agencies:
- Department of Public Safety
- Office of Juvenile Justice
- Department of Health
- Department of Education
- Department of Environmental Quality
- Department of Revenue
- Division of Administration
“The issue is that the computers we have, have to be reimaged. All of them. OTS has a big job,” Germain said, referring to the Office of Technology Services, which operates a sprawling network of state computer systems. “It’s going to take a little time to get all that straight, put it back the way it was and do it right.”
The attack was like automated rather than targeted, according to Jeffrey Allen Moulton, the executive director of the Stephenson National Center for Security Research and Training and the Transformation Technologies and Cyber Research Center at LSU.
“A lot of these exploits are automated,” Moulton said. The machines go out onto the internet and look for vulnerabilities in systems, then attach ransomware to them. The most likely culprit was a state worker clicking on some suspicious email or link without thinking, he said.
“We don’t know who did this, but we are working it,” Moulton said. Nobody will likely be prosecuted because it’s so difficult to gather evidence enough to stand up in court. But knowing the who, what, when and where will go a long way to helping technicians block similar approaches in the future.
©2019 The Advocate, Baton Rouge, La. Distributed by Tribune Content Agency, LLC.