Cyber Incident Victim: Louisiana State Government
Date: Nov 2019
Location: United States of America
Summary
A ransomware attack impacted Louisiana state government systems, prompting immediate containment efforts by the Office of Technology Services. Proactive security measures, including server shutdowns to limit infection spread, caused temporary disruptions to email services, public websites, and internal applications, with some employees resorting to personal Gmail accounts for communication. While public-facing websites were restored promptly, certain internal systems remained offline for extended recovery. The state's coordinated response leveraged prior cybersecurity preparedness, including a commission established following earlier incidents, avoiding the need for a state of emergency this time due to effective mitigation.
Description
On November 18, 2019, Louisiana's Office of Technology Services identified a ransomware attack targeting state government servers. Governor John Bel Edwards confirmed the threat affected a subset of servers but did not compromise all systems. OTS immediately activated established security protocols, deliberately taking affected servers offline to contain the malware's spread. This containment strategy caused widespread service interruptions across multiple state functions before the ransomware itself could inflict further damage. Email systems, public-facing websites, and internal applications became inaccessible during the shutdown. Agencies impacted included the Governor's office, the Legislature, and the Office of Motor Vehicles, as reported by local media outlet WAFB9. Some state employees temporarily shifted communications to personal Gmail accounts due to email outages. The governor emphasized that service disruptions stemmed from proactive defensive measures rather than direct effects of the ransomware payload. While public websites were restored relatively quickly, officials anticipated certain internal applications could remain offline for several days during recovery efforts.

The incident's full impact on Louisiana's internal networks remained unclear at the time of reporting, though no further ransomware spread occurred after containment. State officials prioritized restoring public access to essential services while conducting forensic analysis on affected systems. Louisiana's Cybersecurity Commission, established in 2017, coordinated the response, building on experience gained from ransomware attacks targeting three school districts earlier that same year. Those prior incidents had prompted Governor Edwards to declare a statewide emergency, a measure deemed unnecessary during this event due to faster containment. The state's decision to preemptively power down servers reflected updated protocols developed after the school district attacks. This approach limited operational damage despite causing intentional temporary outages. Recovery efforts proceeded with some restored functionality already confirmed at the time of initial reports, though full restoration of internal systems required additional time for security verification and data integrity checks.
