Cyber Incident Victim: New Orleans Ernest N. Morial Convention Center
Date:
Jan 2020
Location:
United States of America
Summary
The Ernest N. Morial Convention Center experienced a ransomware attack that encrypted administrative data, rendering it inaccessible, though front-facing operations remained largely unaffected during ongoing events. Attendees and event organizers reported normal activities with no visible disruptions to schedules, registrations, or facility systems like security, climate control, and digital displays. A minor internet issue was resolved quickly but was likely unrelated. Future impacts may involve online processing for exhibitor services such as electricity and audiovisual equipment orders. The attack was identified as a variant of the Ryuk ransomware, believed to have origins in Russia, which circumvented existing cybersecurity protocols despite recent upgrades and staff training.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Ernest N. Morial Convention Center in New Orleans experienced a ransomware attack on Thursday, January 16, 2020, which encrypted administrative data and rendered it inaccessible. Hackers injected malicious software into the center’s computer networks, identified as a variation of the Ryuk ransomware strain believed to have origins in Russia. Convention Center President Michael Sawaya confirmed the attack in a press release issued Friday evening, January 17, stating the institution had fallen victim to cybercriminals despite maintaining "extreme vigilance and system redundancies." The attack specifically targeted backend administrative systems but did not disrupt "front of house" convention operations during the critical weekend following the breach. By Saturday, January 18, all scheduled events—including the DQ Expo 2020 and Mardi Gras Nationals cheer competition—proceeded normally, with attendees reporting no visible disruptions to programming or facilities.
Convention Center operations demonstrated significant resilience during the immediate aftermath. Critical infrastructure including electronic signage, lighting, presentation systems, and HVAC functions remained fully operational. Frontline staff such as security personnel and maintenance workers successfully clocked in using unaffected third-party systems. The only potential operational impact identified involved future exhibitor services requiring online processing, specifically electricity and audiovisual equipment orders. Vice President of Sales and Marketing Tim Hemphill acknowledged that while cybersecurity upgrades and staff training had been implemented, these measures proved insufficient against the rapidly evolving ransomware variant. He emphasized the challenge of maintaining defenses against such adaptable threats, noting the attack’s stealth enabled continued convention activities despite administrative paralysis. No public alerts or notifications were provided to patrons during the weekend events, reflecting the limited visible disruption despite significant backend compromise.