As school districts prepared for the start of the new year, Louisiana Governor John Bel Edwards declared a state of emergency after four districts were hit with ransomware attacks.¹ Making the declaration allowed state funds and resources to be allocated to help the local agencies recover from the attacks, bringing in the Louisiana National Guard, the Louisiana State Police, the Office of Technology Services, and the FBI. In addition to the emergency declaration, Edwards activated a cyber-incident response plan that, although it was created two years ago, had not yet been used. This plan, the Emergency Support Function 17 (ESF-17), is overseen by Jeff Moulton, the Executive Director at the Stephenson National Center for Security Research.
Moulton broke down why state and local government agencies are prime targets for modern hackers:
- attackers know government agencies, especially at the lower levels, are likely to pay
- hackers know that local government agencies…often do not have the systems in place to protect against cyber-attacks
- shutting down or interrupting services (in these agencies) is unacceptable
Louisiana wasn’t the only state with school districts left reeling from cyber attacks. Houston County School District in Alabama pushed back the start of their school year from August 1 to August 12 after malware took down their computers and phone systems.² The lengthy recovery time is due, in part, to the fact that they have to physically reboot the district’s 4,000 computers, as well as rebuild their network.
These are just the latest in the ongoing cyber attacks that have been hitting government agencies, large and small, and it doesn’t look to be slowing down any time soon. In a ransomware attack, if an agency does not pay the ransom, the costs are often much higher than simply paying up. In an update on a ransomware attack in Fayette County, Ohio, county commissioner Dan Dean said that they have been “trying to keep track of the cost of everything that’s involved including employee time, overtime, equipment that’s either been ruined or destroyed,” etc. After 2 months, not everyone yet has full access to email and data.
Not sure if you are equipped to handle a cyber attack? Contact us today to see how our comprehensive services — Security Risk Assessment, Security Awareness Training, Risk Management, and Disaster Recovery Planning — can help save you from the costly headaches of criminal cyber activity.
- Vincent, Mykal. (2019, July 26). LSU tech corporation offers cyber-security tips in wake of statewide emergency. Retrieved from https://www.wafb.com
- Riley, Sable. (2019, July 30). Server hack issues delay Houston Co. Schools another week. Retrieved from https://www.dothaneagle.com