Louisiana Governor John Bel Edwards activated the State’s cybersecurity team recently after several State offices’ computers started acting strangely. The IT team identified an intrusion of Ryuk ransomware, what programs were affected, and shut down computers to avoid spread of the infection.

During the outage, some State offices had no access to email, internet or applications in order to assist residents. All outgoing network traffic was terminated while investigating the cause of the infection to prevent it from spreading further. State departments were unable to provide services or information to the public while responding to the attack and investigating its cause. This included 79 offices of the Office of Motor Vehicles, which were completely shut down, meaning people could not obtain or renew drivers’ licenses or vehicle registrations. The Secretary of State’s website and app were down, and the Department of Health had no internet or email access. Those applying for coverage under Medicaid were unable to apply during the outage. The Louisiana Public Service Commission was unable to upload any reports, inspections or applications to its online database, and the Department of Revenue’s computers were silent. The attack also prevented people from applying for food stamps.

All in all, it took the State about one week to recover from the attack and to get all agencies back online. According to Louisiana officials, it was the most significant cyber event that Louisiana has ever faced, and affected 500 of the State’s 5,000 servers and more than 1,500 of its 30,000 computers. It appears that the attack was caused by a phishing attack, as the intruder was able to access the State’s system using a valid user name and password prior to downloading the Ryuk ransomware. Louisiana officials are reporting that no data was stolen during the attack, and that they will work with citizens and grant leniency as applicable, such as when someone is fined for not being able to renew their driver’s license during the outage.