BATON ROUGE, La. (WAFB) - Roughly 1,500 of the state’s 30,000 computers were infected by a virus Monday during an apparent cyber-attack, the Office of Technology Services (OTS) told lawmakers on the Joint Legislative Committee on the Budget Friday.
The attack forced the state to shut down a number of state websites and services as a precaution, and some services remain impacted. By next Monday (Nov. 25), state officials expect to have state services completely restored, including at the Office of Motor Vehicles.
“This was a sophisticated and coordinated attack,” Underwood said. “This was not some malcontent teenager in their parents’ basement somewhere. I would venture to guess this happened outside the boundaries of the United States.”
Before state offices opened this Monday (Nov. 18), hackers used a valid state login to make unauthorized changes to the state’s computers, according to OTS’s Neal Underwood. He could not confirm how the login was obtained, but says the state has identified which account login the hacker used to plant the virus.
The “ransomware” attack put a special password on state data, effectively holding it hostage until the state paid up or corrected the problem. Neither the hackers, nor the state, could access the infected data at this time.
“I can assure you that none of the actual data in our enterprise was inappropriately access,” Underwood told lawmakers. “It was only the systems that provided access to that data."
Within hours, OTS detected the issue and disconnected computers from the state’s servers to prevent further infection. This precautionary measure is responsible for the website outages and halt to state services, not the attack itself.
The state failed to crack the code and could not retrieve its data. But instead of paying the ransom, the state wiped its hard-drives and is in the process of restoring its computers with uninfected back-ups.
Per state policy, Louisiana does not negotiate with hackers or pay ransoms.
“There have been lots of cases where personal information has been lost or released to other folks and that didn’t happen in this case,” Sen. Sharon Hewitt, R-Slidell, said. "That’s great news for the people in Louisiana.
Underwood could not confirm an earlier postulation from a state cyber-security commissioner that someone downloaded an unauthorized program containing the virus onto a state computer.
Gov. John Bel Edwards has issued an emergency declaration that temporarily suspends certain regulations that would normally penalize drivers with expired licenses, for example.
“We appreciate the patience of the public as our team of experts has worked around the clock to restore online services related to this cybersecurity issue,” Gov. Edwards said. “We know that some people may have missed filing deadlines or incurred fees because of the outage, which the emergency declaration allows us to correct so that the members of the public are not penalized unnecessarily.”
In addition, Edwards is expected to mobilize the Louisiana National Guard to assist in wiping the 1,500 infected computers and re-installing their software through a process called re-imaging. OTS workers, alternating on 12-hour shifts, are already addressing the problem at all hours of the day.
Underwood says the state is also making small improvements to their security systems while they restore state servers. This is not as simple as installing stronger firewalls, but instead changing how the old technology communicates with new technology.
Because the OMV’s technology is nearly 40 years old, the servers did not reboot as expected, Underwood said.
“We do have a project in place to build a new, more modernized system,” he said. “But when you have that old technology, it’s like an onion with lots and lots of layers. You have to bring it up on piece at a time.”
Underwood said the state had aimed to open the OMV earlier, but officials chose to spend the weekend conducting tests to ensure its system would work properly. It is still slated to re-open Monday.