New Orleans' Mission: Clean 4,000 Computers in 48 HoursCity Sprints to Restore Services After Ransomware, Mayor Says
New Orleans is setting an aggressive pace to restore services after a ransomware attack crippled the city’s IT systems: fixing more than 450 servers and 3,500 endpoints in just 48 hours.
See Also: Top 50 Security Threats
In a press conference Thursday, Mayor Latoya Cantrell says the race is on to get IT systems working ahead of special events – Mardi Gras takes place in February - as well as ensure payments to vendors and employees go out on time.
She says the attack has been damaging, but maintained the outlook isn’t entirely gloomy.
“We’ve been hit pretty hard,” Cantrell says at a press briefing posted on Facebook. “But based on other municipalities through the country, we can see it could have been much worse.”
Local broadcaster WWL reported Thursday that the cost of the ransomware attack will exceed the city’s $3 million cyberinsurance policy. Cantrell says she plans to increase the coverage to $10 million, the station reported.
New Zealand security vendor Emsisoft, which makes tools to help ransomware victims, released statistics on Thursday on ransomware in the U.S. this year. The company counted infections at 948 government agencies, 759 health care providers and 86 universities, colleges and school districts.
Louisiana: Battered By Ransomware
New Orleans’ fight against ransomware is the latest incident affect Louisiana, which has seen local governments and schools infected throughout this year.
In July, Louisiana Gov. John Bel Edwards declared a state of emergency. At least four school systems were infected with ransomware in the northern part of the state in parishes including Sabine, Morehouse, and Ouachita (see: Louisiana Declares Emergency After Malware Attacks).
Just last month, the state’s Office of Technology Services found that several state agencies, including the state's Office of Motor Vehicles, were infected with ransomware (see: Louisiana Government Recovering From Ransomware Attack).
Cantrell says the infection was launched by attackers with a phishing email, which someone clicked on. From there, the attackers “gained access to credentials that has gotten us to where we are now,” she says.
“Based on what we have seen and also the actions that were taken by staff, it did not get to the point that our data has been held or we are being asked to pay a ransom,” Cantrell says.
The state has not yet identified the particular type of ransomware, although a forensic investigation is underway. The infection was detected early on Dec. 13. However, files uploaded to VirusTotal and noticed by Colin Cowie of Red Flare Security point to the Ryuk ransomware, which has been pervasive throughout this year (see: Ryuk Eyed as Culprit in New Orleans Ransomware Outbreak).
Reimaging and Scanning
New Orleans IT Director Kimberly LaGrue says the city is taking a thoughtful and methodical approach to bringing systems back online, as the city must ensure that all machines are free of the infection.
“Despite all the measures we took to avert this attack, we do know that our detection, the immediate actions and our well-orchestrated response plan put the city in the best and most resilient position to recover from our attack with the best possible outcomes,” LaGrue says.
The first priority is ensuring public safety while bringing systems online, she says. The next step is restoring access to its cloud-based financial system, which will allow the city to start doing normal functions such as issuing permits.
“Right now, it’s manual,” LaGrue says. “We want to return that to an electronic process so that we speed that up.”
"To put that into perspective, to set up a network, to configure it, to create a safe computing environment and to add all those endpoints with the complex network they have here in New Orleans, it would normally take several weeks to several months to do something like that. We are accomplishing that in a little bit over a week."
—Louisiana National Guard
New Orleans’ IT environment is complex, Cantrell says. The cloud-based financial system brings together four independent systems. Its payroll system is electronic, and the city is aiming to ensure it can make its payments to vendors on time so services aren’t disrupted, she says.
Louisiana’s National Guard is helping with the recovery as well as volunteers. The state so far as 35 guardsmen on the job, and additional volunteers will bring that number up to 70, according to a National Guard colonel who spoke at the press briefing. Also, the city has 20 industry partners aiding in recovery.
The goal is to either reimage or scan for malware more than 450 servers and 3,500 endpoints.
“To put that into perspective, to set up a network, to configure it, to create a safe computing environment and to add all those endpoints with the complex network they have here in New Orleans, it would normally take several weeks to several months to do something like that,” the National Guard officer says. “We are accomplishing that in a little bit over a week.”
LaGrue says that about 10 percent of those 4,000 machines have been reimaged, which involved reinstalling all software and data.
New Orleans: Still Open for Business
City officials emphasized that while the incident has had a large impact, many services are still running.
For example, the New Orleans Police Department is functioning as normal, including officers’ body cams and in-car cameras. One inhibited function – and perhaps not quite as essential, is that the department can’t process public records requests.
For local business, monthly sales tax revenues are due on Friday, but the city’s financial systems aren’t working. Perhaps unfortunately for some taxpayers, they can still make payments. Taxpayers can file their forms through Parish EFile or Sales Tax Online, as well as make manual payments, the city says.
“The Department of Revenue will service taxpayers in person at City Hall and will accept payments by cashier or personal check and money order,” according to the city’s website. “This can be done in person or by mail. City Hall employees will be paid on time.”