Cyber Incident Victim: City of New Orleans
Date:
Dec 2019
Location:
United States of America
Summary
The City of New Orleans experienced a ransomware attack prompting immediate shutdown of its IT infrastructure, including computers, servers, and WiFi networks, with employees instructed to disconnect devices to contain the spread. Critical services such as the city website and police department networks were taken offline, though emergency systems like 911 remained operational using backup communications. No ransom demand was initially identified during the ongoing investigation, which involved multiple agencies including the FBI and Louisiana State Police. This incident marked the third ransomware attack within the state that year, following prior infections targeting school districts and state government networks, disrupting data access across affected entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 13, 2019, the City of New Orleans experienced a ransomware attack discovered at approximately 11:00 AM local time. City officials confirmed the incident during a press conference, identifying it as a ransomware infection but noting no ransom demand had been received at the time of disclosure. Immediate containment measures included instructing all city employees via public loudspeakers and other channels to power down computers, unplug devices, and disconnect from municipal WiFi networks. This response led to the proactive shutdown of the city’s servers, including the nola.gov website, to prevent further spread of the malware. The attack impacted multiple city entities, including New Orleans City Hall and the New Orleans Police Department (NOPD), which completely disconnected its IT network as a precaution. While NOPD officers remained operational in the field using radio and backup communication systems, they lost access to historical data stored on departmental servers. Emergency services such as 911 remained functional throughout the incident.
The city engaged multiple external agencies to investigate and remediate the attack, including the Louisiana State Police, FBI New Orleans Field Office, Louisiana National Guard, and the US Secret Service. Mayor LaToya Cantrell emphasized the investigation remained ongoing during the initial press conference. This incident represented the third major ransomware attack affecting Louisiana entities within a four-month period, following August 2019 attacks on three school districts that prompted a statewide emergency declaration and a November 2019 incident impacting Louisiana’s state government IT network. Recovery timelines for prior state government systems extended weeks beyond the initial attack, with some access issues persisting but projected for resolution by year-end. The New Orleans attack continued a pattern of ransomware targeting major US municipalities, following high-profile incidents in Atlanta (2018) and Baltimore (2019). Operational disruptions persisted due to system isolation measures, though critical emergency response capabilities remained intact.