The New Orleans government declared a state of emergency on Friday, December 13 after a ransomware attack spread through the city’s computer network.
NOLA Ready, New Orleans’s emergency preparedness campaign, tweeted that morning that “suspicious activity was detected”, and it soon confirmed that a cyber attack had taken place.
City employees were instructed to shut down their computers and disconnect from Wi-Fi to prevent the ransomware from spreading. Likewise, all servers were powered down.
This caused massive delays, with public-sector workers resorting to pen and paper to complete tasks, while other activities had to be suspended altogether.
Residents were also unable to visit the city’s website, although a temporary web page was set up to make 3-1-1 requests and pay sales and use tax, parking fees, and camera tickets.
The city steadfastly refused to pay the ransom, eventually restoring its systems four days later, thanks to the recruitment of Louisiana state employees to help clean and restore infected devices.
How does ransomware work?
Ransomware is a specific type of malware that encrypts the files on a computer, essentially locking the owner out of their systems.
Once this has happened, the ransomware will display a message demanding that the victim make a ransom payment to regain access to their files. Criminals generally plant the malware on victims’ computers by hiding it in an attachment contained within a phishing email.
Many ransomware attack victims feel obliged to pay up, because it’s the quickest and least expensive way to get back to business as usual. However, experts generally urge organizations not to negotiate, because ransom payments help fuel the cyber crime industry.
‘Say no to ransomware’
Ransomware attacks against governments have become all too common this year, with more than 55 attacks. The problem came to a head in the summer, when three Florida cities were targeted in the space of a few weeks.
The first was Riviera Beach, a small, relatively poor city north of Miami. But despite – or perhaps because of – its size, the city felt compelled to pay the cyber criminals’ $600,000 ransom after its systems had been shut down for three weeks.
The city had already set aside $1 million to buy new computers and hardware following the attack but decided it would be quicker and less expensive to simply pay up.
That was a disastrous decision, as it reinforced the precedent that if you infect local governments then they will pay up.
A week later, Lake City, a waypoint for tourists heading toward Orlando and southern Florida, caved to a $460,000 ransomware demand. Shortly afterward, Key Biscayne was targeted, sparking a meeting of the United States Conference of Mayors.
The conference unanimously agreed to stop paying ransom demands following cyber attacks.
“Paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit,” the mayors wrote.
“The United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm,” they added.
Despite the announcement, cyber criminals have continued to attack U.S. local governments, although the number of attacks has decreased dramatically.
New Orleans’s response shows why: Cities are finally realizing that a disaster recovery plan is a much better solution.
Whether you pay the ransom or not, you’ll face huge delays and be left with a massive clean-up operation, so you might as well take the high ground and invest your money in recovery processes.
If every government and organization makes the same commitment, ransomware will become a much less lucrative option for cyber criminals.