Last week, Louisiana Governor John Bel Edwards declared a state of emergency following a series of ransomware attacks. Hackers have deployed an unidentified malware program at the Morehouse, Ouachita, and Sabine Parish school districts. As a result, the computer and telephone systems at those schools have been rendered inaccessible.
Once the malware attack was detected, school administrators contacted local law enforcement, state officials, and the Federal Bureau of Investigation. Following Gov. Edwards’ declaration, the Louisiana National Guard dispatched a team of cybersecurity experts to help deal with the problem.
According to Ars Technica, local administrators first became aware of the attack early on July 21. The technology supervisor at Florien High School, a Sabine Parish school, got an alert indicating that the school systems were using a high amount of bandwidth. Upon further investigation, administrators discovered that a ransomware program had infected Florien’s digital infrastructure.
As of this writing, Louisiana officials haven’t disclosed the extent of the damage or the type of malware used.
Colorado’s State of Emergency Cyber-Attack
Despite the recent surge in municipal ransomware attacks, government leaders rarely declare a state of emergency related to a cyber-attack. Most recently, Colorado administrators declared one after malicious operators hit the state’s Department of Transportation (DOT) with a debilitating malware assault.
Hackers infected the Colorado DOT’s digital infrastructure with the SamSam ransomware in February 2018. The attack made 2,000 municipal terminals inaccessible and temporarily put a group of state contractors out of work.
After coming to grips with the scale of the attack, regional leaders declared a state of emergency to get National Guard aid.
In April, local administrators were able to restore 80 percent of the state’s network at the cost of $1.5 million.
Last November, a federal grand jury indicted two Iran-based hackers for conducting the Colorado attack. Investigators determined that Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri attacked more than 200 business, medical, and government systems with SamSam. The U.S. Justice Department's November 2018 indictment charged the hackers with various cybercrimes.
Through those attacks, the pair extorted over $6 million from their victims. Furthermore, prosecutors determined that Savandi and Mansouri’s illegal operations cost U.S. and Canadian victims over $30 million. Notably, the city of Atlanta spent $17 million to recover from the duo’s SamSam deployment.
Because Savandi and Mansouri are reportedly located in Tehran, Iran, U.S. law enforcement agents have been unable to take them into custody.
Why Hackers are Targeting Municipal Systems
Malicious operators have targeted municipalities in recent years for a few different reasons.
For one thing, city and state networks tend to be composed of patched-together legacy systems that aren’t updated regularly. Consequently, hackers have an easier time finding and exploiting vulnerabilities in their digital infrastructures.
Plus, small towns and cities lack the capital to fund cybersecurity rapid response teams. Therefore, criminal malware can infest several critical government systems before being isolated.
Lastly, civic leaders have made major payouts to hackers to regain access to their digital infrastructures. In June, cybercriminals attacked the networks of a Florida city called Riviera Beach. In spite of law enforcement advice to the contrary, the Riviera Beach City Council paid a ransom of $600,000 in Bitcoin.
With the widespread availability of weapons-grade malware, municipal ransomware attacks are unlikely to decline in popularity.