Critical Infrastructure Security , Cybercrime , Fraud Management & Cybercrime

Louisiana Declares Emergency After Malware Attacks

At Least One of Four School Districts Confirmed Ransomware
Louisiana Declares Emergency After Malware Attacks
Louisiana Gov. John Bel Edwards in Lafayette on Aug. 3, 2016. (Source: Wikimedia Commons/CC)

Louisiana’s governor issued an emergency declaration on Wednesday in response to a rash of malware infections, hitting some of the state’s public schools.

See Also: Defining a Detection & Response Strategy

The move by Gov. John Bel Edwards marks that first time the state has declared an emergency over cyber incidents.

School systems in three parishes in the northern part of the state - Sabine, Morehouse, and Ouachita – have been affected, according to a press release from the governor’s office. Louisiana did not identify the malware, but one school district has identified their problem to local media as ransomware.

Cities, school and hospital across the U.S. have been hit by crippling ransomware attacks. The malware encrypts files, with the attackers demanding a payment in exchange for the decryption key. Some organizations have opted to pay the attackers, while others – such as Baltimore – have taken the hit on the chin (see Baltimore Ransomware Attack Costing City $18 Million).

The state says that declaring an emergency will allow for “cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services and others to assist local governments in responding to and preventing future data loss.”

‘Electronic Virus’

Edwards has been moving the states toward a stronger cybersecurity footing.

In December 2017, he signed an executive order that created the Louisiana Cybersecurity Commission. The commission’s remit is to coordinate cybersecurity efforts with state agencies, local governments, private companies, educational institutions and federal agencies.

“The state was made aware of a malware attack on a few north Louisiana school systems and we have been coordinating a response ever since,” Edwards says. “This is exactly why we established the Cybersecurity Commission, focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat.”

The Sabine Parish School System issued a statement, according to WAFB 9, a local broadcaster. The school system says it was hit by an “electronic virus” on early Sunday morning, which disabled its IT systems and its central office phone system.

Sabine says the Louisiana Department of Education said that several other schools were “attacked by the same virus this week.” Officials with the Department of Education couldn’t immediately be reached for comment.

WAFB 9 reported that the principal of Florien high School within Sabine Parish, Eddie Jones, said his technology advisor received an alert on his phone early Sunday about “unusually high bandwidth usage.” The infection was apparently ransomware, according to Jones. All data held on the school district’s servers was affected, including 17 years worth of Jones’ documents, WAFB 9 reported.

Fourth School District Affected

Morehouse Parish School District posted an update on Facebook earlier this week saying was also affected but not to the extent as Sabine, and yet another district, Monroe City.

Morehouse Parish School District’s post on Facebook.

“There will be no delays and all major systems, including payroll, are operations,” Morehouse says. But it also warned the people should be mindful of “bank and credit card solicitations.”

On its website, the Monroe City School System says its systems were disrupted on July 8 and that it had notified law enforcement.

“While there are problems with system connectivity, we have no reason to believe there is any public safety issue,” it says. “We also have no indication that there was any unauthorized access of sensitive or private information. We also believe that full connectivity will be restored in the near future.”

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.