[BreachExchange] Louisiana Government Has Spent $2.3M Related to Cyberattacks

Destry Winant destry at riskbasedsecurity.com
Fri Mar 6 10:11:30 EST 2020


https://www.govtech.com/budget-finance/Louisiana-Government-Has-Spent-23M-Related-to-Cyberattacks.html

(TNS) — While Louisiana didn’t pay a ransom demanded by hackers who
launched a cyberattack against state government servers last fall, the
state has paid $2.3 million responding to that and other cyberattacks
across the state over the past year.

The Division of Administration, which oversees the technology office
that dispatches staffers throughout the state to respond to various
cyberattacks, spent the money on five incidents over the past year,
according to figures provided by the division.

Jacques Berry, an administration spokesman, said the vast majority of
the costs were from paying for staffers to who went to various school
districts, state agencies and New Orleans to help reimage computers
afflicted with ransomware.

Louisiana Joins Antitrust Probe into Google as Scrutiny of Big Tech
WidensRansomware Again Strikes Louisiana, Forcing Server
ShutdownsLouisiana IT Official: Ransomware Attack ‘Not Catastrophic’

“The vast majority is human assets,” he said. “Along with that there
were some equipment software licensing costs for upgrades here and
there that we took advantage of the situation to go ahead and do.”

The state spent the bulk of the money – about $1.7 million –
responding to the ransomware attack on state government in November,
which crippled the state Office of Motor Vehicles for weeks.

The state also spent about $333,000 responding to cyberattacks against
seven school districts last summer in north Louisiana, $65,348 on the
ransomware attack against New Orleans’ city government, $61,268 on an
attack in St. Helena Parish and $184,985 on an attack against the St.
Landry Parish School Board.

Gov. John Bel Edwards’ administration is seeking to recoup the costs
in a supplemental budget bill that will be debated by lawmakers this
spring. That bill spends the excess tax collections from the current
fiscal year.

New Orleans city government said last month it would spend more than
$7 million in past and future costs responding to the ransomware
attack that hit City Hall in December. Those costs came primarily from
fixing city email services and networking infrastructure.

The $2.3 million figure does not include any future plans to modernize
agencies' computer systems, which Commissioner of Administration Jay
Dardenne suggested would need to be funded in the coming years during
a budget hearing last month.

Cyberattacks, in which hackers gain access to government computers and
lock users out unless they pay a ransom, have proliferated in
Louisiana in recent months and caused headaches for a host of state
and local agencies. Gov. Edwards created a cybersecurity commission to
respond to the attacks and last month warned local officials such
ransomware attacks would inevitably come for them.

Dardenne, in a budget hearing last month, said many state agencies are
in “the dark ages” operating on outdated computer systems that need
replacing.

The state Office of Motor Vehicles, which had locations shuttered for
weeks after the ransomware attack in November, has a 45-year-old
computer system that is in the middle of being updated.

Karen St. Germain, commissioner of the OMV, said the agency is about
nine months into a three-to-four-year project updating the computer
systems. So far, the agency has spent nearly $2.4 million on that
project, she said.

“The biggest obstacle is getting the information moved from the system
it’s in now and that’s really the lengthy part into something that’s
at least 20th century instead of 19th century,” St. Germain said.

Dardenne told lawmakers last month the administration also plans to
create a pot of around $10 million to serve as a cybersecurity
emergency response fund to deal with cyberattacks. He also said
various agencies have old computer systems that need upgrades.

“We have addressed that and it’s a big, big challenge,” Dardenne said.
“We’ll have to make collective decisions on where we put that money.
It’s a growing concern and it’s not going away.”


More information about the BreachExchange mailing list