New Orleans fights off apparent cyberattack by declaring a state of emergency
New Orleans was forced to take computers offline on Friday in an apparent cyberattack, but as more details have emerged, either the attack wasn’t as bad as first seemed or the city stopped its spread.
Suspicious activity was first detected on the city’s network at 5 a.m. Friday, with the first reports of computers experiencing problems at 8 a.m. By 11 a.m. city employees were ordered to shut down computers and a state of emergency declared by Mayor LaToya Cantrell described the situation as a “cybersecurity incident.”
The initial thoughts were that the attack may have involved ransomware. Kim LaGrue, New Orlean’s chief information officer, said investigators had found evidence of phishing attempts and ransomware.
A ransomware attack would involve data being encrypted and a ransom demand being made, but this is where the official line starts to go awry: Cantrell said no ransom demand had been made.
Come Saturday, LaGrue announced that no data had been held for ransom and that a recovery operation was now underway. Confusing the messaging further, LaGrue then described the attack as “minimal” and that about 4,000 computers and 400 servers needed to be “scrubbed” as a precaution.
It is not impossible that the ransomware was stopped in its tracks before infecting machines, but it’s still strange that an “attack” as described by the city involved no infections.
“The problem with ransomware attacks is that they are not always immediately apparent,” Colin Bastable, chief executive officer of security awareness training company Lucy Security AG, told SiliconANGLE. “The attackers may need to navigate from their initial point of entry – usually via phishing email – to the systems and data that they need to encrypt. The attack can be undetected for a relatively long time before being triggered. This attack may have been initiated in parallel with the recent Louisiana attack.”
There’s something amiss in the way the story played out, at least as described by city officials. But to give them the benefit of the doubt, perhaps their emergency response stopped the attempted attack in its tracks.
An emergency deceleration may seem extreme, but it is far better for government, organizations and others to overreact to a potential threat than to react only after an attack has taken place.
Photo: volvob12b/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU