Following a Dec. 13 cyberattack, the city of New Orleans has declared a state of emergency, according to court filings.
The attack, which began at around 5 a.m. on Dec. 13, was detected around 11 a.m. on the same day. Following detection, New Orleans’ IT department told employees to “power down computers, unplug devices & disconnect from Wi-Fi,” New Orleans Mayor LaToya Cantrell tweeted. “All servers have been powered down as well,” she noted.
While the city’s website was taken down and remains down as of Dec. 16., the city’s emergency communications were not impacted. The city has deployed a temporary website with limited access to city resources, including 3-1-1 requests for services; the ability to pay sale, use, and parking taxes; and the ability to pay parking and camera tickets.
The city hasn’t reported that ransom requests have been made despite ransomware being detected. However, Cantrell said during a press conference that it was “very much part of our investigation.”
During a Dec. 14 press conference, CIO Kim Lagrue explained the city’s approach to the recovery process, “Our recovery process means we take in a new, a clean structure and we load information into that clean structure,” Lagrue said. “When we look at how the access might have been permeated or how our environment might have been permeated it was through a compromise of credentials that belong to city employees.”
City officials have touted the strength of the government’s response to the attack. They noted that it appears as though city employees did not interact with or provide credentials or any information to possible attackers. City officials credited strong training programs for New Orleans’ ability to operate without internet. City officials said that 4,000 computers must be scrubbed following the attack.
“If there is a positive about being a city that has been touched by disasters and essentially been brought down to zero in the past, is that our plans and activity from a public safety perspective reflect the fact that we can operate with internet, without city networking,” said Collin Arnold, director of Homeland Security and Emergency Preparedness for the city.
“New Orleans has taken steps to ensure our cyber safety,” Cantrell tweeted on Dec. 16. “[New Orleans] continues to take consistent steps to ensure we are [ready]. We will continue to invest in our infrastructure on all levels.”
New Orleans joins a long list of other cities and states impacted by ransomware attacks, including Louisianna (with two attacks), Baltimore, Flagstaff, Ariz., Texas, Syracuse, N.Y., Lake City, Fla., and Pensacola, Fla., among others.