Cyber Incident Victim: City of Alexandria
Date:
Jun 2022
Location:
United States of America
Summary
The city of Alexandria, Louisiana, suffered a ransomware attack by the AlphV (BlackCat) gang, which claimed to have exfiltrated over 80 GB of compressed data and warned against repeating past mistakes while threatening a local news outlet that reported the incident. State cybersecurity resources were deployed to assist, and criminal investigations involving state and federal agencies were initiated. The attack disrupted network operations, forcing system closures, though specific service interruptions beyond data theft were not detailed. This incident followed prior ransomware attacks targeting Louisiana's infrastructure, highlighting ongoing vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 1, 2022, the AlphV ransomware gang (also known as BlackCat) publicly listed Alexandria, Louisiana, as a victim on its leak site, confirming a cyberattack against the city within Rapides Parish. Officials acknowledged the ransomware incident affecting municipal systems serving approximately 50,000 residents. The Louisiana Governor’s Office of Homeland Security and Emergency Preparedness deployed cybersecurity resources at the city and parish’s request, with Communications Director Mike Steele confirming state-level coordination. A criminal investigation was initiated involving state authorities and undisclosed federal agencies. AlphV’s public post taunted officials by referencing Louisiana’s 2019 statewide emergency declaration following ransomware attacks against school districts and parishes, warning, “Your servers are lying down again... This time you won’t get away with it.” The group claimed exfiltration of over 80GB of compressed city data and threatened local news outlet KALB for reporting on the breach—an unusual tactic analysts interpreted as an attempt to suppress media coverage that might hinder ransom negotiations.
The attack disrupted normal administrative operations, though specific affected systems or municipal services were not detailed in initial reports. AlphV’s data theft claim remained unverified by authorities, but the threat actor’s history of aggressive extortion tactics heightened concerns about potential exposure of sensitive information. Federal law enforcement joined state investigators in examining the intrusion, paralleling responses to prior Louisiana ransomware incidents. No ransom demands or payment details were disclosed publicly. The gang’s direct threat toward KALB marked a notable escalation in targeting communication channels, with Emsisoft threat analyst Brett Callow observing that such intimidation attempts against journalists could indicate attackers’ perception that media attention reduces their leverage. Recovery efforts and forensic analysis proceeded with state cybersecurity assistance while investigations continued to determine the full scope of compromised infrastructure and data.