(Bloomberg) -- Louisiana was targeted by an attempted ransomware attack that affected some of the state’s server computers, Governor John Bel Edwards said in a tweet.
In response, the state initiated “security protocols” and took its servers down, the governor said. The moves affected many agencies’ email, websites and other online applications, he wrote Monday on Twitter.
“The service interruption was due to OTS’ aggressive response to prevent additional infection of state servers and not due to the attempted ransomware attack,“ Edwards wrote, referring to the Office of Technology Services. “Online services started to come back online this afternoon, though full restoration may take several days.”
The state was attacked as election officials canvass the results of a tightly contested Nov. 16 gubernatorial election won by Edwards by about 40,000 votes. The tally is unlikely to be affected as the state did not suffer any data loss, nor has it paid a ransom, Edwards said. A spokesman for the Louisiana Secretary of State’s Office couldn’t be reached for comment.
The attempted intrusion amid the voting certification process is exactly the kind of problem cybersecurity experts are warning election administrators to prepare for ahead of the 2020 U.S. presidential election. The best weapon to combat an attack, they say, is a paper trail of ballots that can audited. Louisiana is one of 11 states in which at least some local jurisdictions don’t have a paper trail to ensure machine tabulations match voters’ intent, according to Verified Voting, a non-profit group.
The state said the attack was similar to ransomware that has targeted municipal governments and schools across the U.S. this year. Among the most popular is malware known as Ryuk, which extorts victims for about $300,000 and in the process has cost users “tens of millions of dollars,” according to FireEye Inc., a cybersecurity company.
Ransomware reports in state and local governments have nearly doubled in 2019, FireEye said. Attacks have become more elaborate than in the past, as the ransomware continues to proliferate after compromising individual targets.
“This methodology allows threat actors to maximize their disruption of the victim organization effectively increasing the likelihood that the victim will acquiesce to ransom demands,” said Kimberly Goody, manager, cybercrime analysis at FireEye. “While we believe that ransomware is typically opportunistic in terms of its targeting, state and local government organizations are an attractive target in part due to the high visibility and criticality of the services they provide.”