Computers were offline, offices were closed and city government's website was down on Friday as New Orleans officials sought to contain a cyber attack against its network that started in the early morning.
By late afternoon, the city had found no sign that any passwords were compromised or data lost in the attack, though an influx of suspicious emails meant city systems would be kept offline temporarily out of what Chief Information Officer Kim LaGrue described as an abundance of caution.
Asked at a 4 p.m. press conference whether any systems were compromised, LaGrue said, "There’s not that evidence; we have not confirmed that yet. But we did confirm that there was activity."
Suspicious activity in the form of phishing emails and other malware was initially detected at around 5 a.m. Friday, with increased activity detected at around 8 a.m., officials said. Officials determined between 11 and 11:30 a.m. that the attack had compromised the network, at which point city hall employees were instructed over the building's public address system to shut down and unplug their computers.
New Orleans Mayor LaToya Cantrell signed a declaration of emergency for the city after a ransomware attack was detected by staffers at city hall Friday morning.
At this time, the city does not believe any employee information was compromised during the phishing attempts that occurred.
The incident is being investigated by the city with assistance from the Louisiana State Police, Louisiana National Guard, the FBI and Secret Service, according to the tweets.
The city's 911 system was not affected by the attack, the city said.
Officials are running many services on pen and paper until it's deemed safe for computers to come back online, although the Orleans Parish Communication District (which handles both 311 and 911 lines) and courts weren't affected. The city added that emergency services' communications were still active, and that it could still obtain footage from public safety cameras if there was an incident.
It's unclear when computers will go back online, when the state of emergency will be lifted, or who the culprits were. City-scale ransomware attacks like those using SamSam have frequently been the work of extortionists hoping only for a windfall profit, although there are concerns hostile countries might use malware to bankroll programs. Louisiana's government faced its own ransomware attack in November and had to shut its Office of Motor Vehicles for days, although the state got back online without caving in to the attackers' demands.
Organizations of all types are targets of such attacks, and it is not uncommon for unprepared companies to be shut down for days or weeks, or to be put out of business.
How do you stay secure or at least drastically reduce the risk? Follow these three steps to start:
1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great. This is needed to train workers by testing them without their knowledge: real-looking emails are sent to their inboxes, and if they click, they are immediately trained on what not to do.
3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.