A ransomware
attack targeting the city of New Orleans has inflicted $7 million in losses so
far, with more to be incurred in coming months, Mayor Latoya Cantrell said in a
recent update.
At 5 a.m. on December 13, New Orleans was becoming the latest victim in a long string of ransomware attacks directed as U.S. municipalities, throwing the state of Louisiana’s most populous city into a state of emergency.
Employees
were told to disconnect all computer systems, including servers, and halt all
work. The attackers had made no ransom demands, suggesting the attack was meant
to disrupt the city and dent its economy. However, this is not confirmed.
Despite training
to handle downtime thanks to its preparedness for hurricane season, the city is
bleeding money in recovery costs, Cantrell said. The city is out $7 million so
far and is expected to spend more on system upgrades and cybersecurity
investments. Officials said $3 million will be recovered from the city’s cyber
insurance.
“This is
something that we have to deal with as a city and it is an expense that we also
have to eat as a city,” said Cantrell. “It speaks to the priority of
infrastructure that has always been a priority of mine and it also speaks to
the real push for maintenance of infrastructure. This will be ongoing.”
Gilbert
Montano, the city’s chief administrative officer, expects staff to struggle for
at least six to eight more months before day-to-day operations return to
normal.
“Now, we’re
in the stabilization period,” said Montano. “We are trying to rebuild what we
had to turn off essentially and that is a long, laborious, time-sensitive
process and that’s where I am telling staff and employees we’re looking maybe
at a six to eight month window before actual normalcy starts to integrate all
of our systems.”
Chief
Information Officer Kim LaGrue reveals the city was using legacy systems when
the infection took place, meaning the contagion could stem from an unpatched vulnerability.
“Cleaning
over 3400 computers was necessary in that recovery,” LaGrue said. “We realized
we would lose some of those computers because we also build a stronger cyber
security platform and on that new platform certain antiquated devices just
could not be recovered, would not operate in this new platform.”
According to fox8live.com, the cyber attack has pushed the deadline to pay property taxes to February 14.
As reported by msspalert.com, the city plans to raise its cyber insurance coverage from $3 million to $10 million in 2020.