Louisiana authorities investigating ransomware attack on city of Alexandria
Louisiana state officials are investigating a ransomware attack affecting Alexandria, a 50,000-person city about two hours outside of Baton Rouge.
On Thursday, the AlphV ransomware gang added the city to its list of victims. City officials initially confirmed that there was a cyberattack to local news outlet KALB, telling reporters that it was “notified of a possible systems breach.”
“The matter is currently being investigated. All City operations are continuing as scheduled,” city officials said in a statement on Thursday night.
Mike Steele, communications director at the Louisiana Governor’s Office of Homeland Security and Emergency Preparedness, told The Record on Friday that state officials had been pulled in to help with the response and investigation of the attack.
“Cybersecurity resources from the state have been deployed to help out with the situation. The city and parish reached out to the state for support and that’s when our team stepped in,” Steele said. “There is a criminal investigation at the state level as well as some federal agencies involved in a federal investigation as well.”
Steele could not provide details about how widespread the ransomware attack was but said they will have more information this weekend once an analysis of the attack is completed.
Emsisoft threat analyst and ransomware expert Brett Callow said the attack on Alexandria would be the 22nd reported incident affecting a local government in the U.S. this year.
Last year, 36 local governments in the U.S. reported ransomware incidents by June, and 77 were attacked by the end of the year, according to Callow.
Both 2019 and 2020 saw 113 reported ransomware attacks on local governments in the U.S.
On Friday, AlphV updated their post about Alexandria, threatening Louisiana Governor John Bel Edwards directly and referencing a series of ransomware attacks that crippled several state agencies in 2019.
In 2019, Edwards was forced to activate the state’s cyber incident response plan for the first time after multiple school districts were hit, including the Tangipahoa Parish school district as well as the Sabine, Morehouse, and Ouachita parishes.
“I declared a state of emergency and began executing the playbook. It was the first time in Louisiana’s history that a cyberattack was addressed like a disaster,” Edwards said during the National Governors Association’s biennial National Summit on State Cybersecurity last year.
“We activated state police, the office of technology services, and the national guard cyber team.”
During the 2019 attacks, the Lafayette Parish School System was forced to cut off all internet and phone connections to central offices as a way to mitigate the damage.
On Friday, AlphV said 2019 had “taught you nothing” and said the state “can’t get away” this time.
“Your servers are lying down again and the network is tightly closed and unavailable. We got more than 80 GB in compressed form of important data city [sic],” the ransomware gang said.
“Don’t make past mistakes and do the right thing. This time you won’t get away with it.”
The note also included a direct threat toward KALB, apparently for its brief report on the incident.
“Further data leakage will be on your conscience. Your tongue is your enemy. Nother personal, just business. Best regards. 1 word = 1 mistake = 1 file,” the gang said.
Callow said it was the first time he had seen a ransomware gang explicitly attempting to silence a media outlet.
“I can only assume AlphV believes press attention at this point in time would lessen their chances of being paid – which may be a good reason for the press to shine a bright light on the incident,” he said.
AlphV – also known as BlackCat – has attacked at least three U.S. colleges and universities this year, including Florida International University and North Carolina A&T University. Experts believe the group is a rebrand of the BlackMatter and DarkSide ransomware groups.
The FBI released an alert in April saying they have tracked at least 60 ransomware attacks by the AlphV group as of March. The group emerged late last year and became known for aggressively posting details about its victims publicly.