New Orleans is the latest city to fall victim to a cyberattack, although it appears to have fared better than some of its peers. The city both declared a state of emergency and shut down most of its computers after detecting suspicious activity, including ransomware and a flurry of phishing emails. It’s not clear if the ransomware compromised any systems, although Mayor LaToya Cantrell said that there had been no ransom requests or evidence of employees being tricked into handing over login details.
Officials are running many services on pen and paper until it’s deemed safe for computers to come back online, although the Orleans Parish Communication District (which handles both 311 and 991 lines) and courts weren’t affected. The city added that emergency services’ communications were still active, and that it could still obtain footage from public safety cameras if there was an incident.
It’s unclear when computers will go back online, when the state of emergency will be lifted, or who the culprits were. City-scale ransomware attacks like those using SamSam have frequently been the work of extortionists hoping only for a windfall profit, although there are concerns hostile countries might use malware to bankroll programs. Louisiana’s government faced its own ransomware attack in November and had to shut its Office of Motor Vehicles for days, although the state got back online without caving in to the attackers’ demands.
The city credited its apparently successful response to preparedness. City CIO Kim LaGrue noted that the resilience to phishing likely came as a result of security training that started in the fall. Homeland Security director Collin Arnold added that New Orleans’ unfortunate experience with natural disasters like Hurricane Katrina also meant it was ready to operate offline. In that sense, the cyberattack may serve as an example of how to deal with major security incidents.