BATON ROUGE, La. (NBC Local 33) (FOX 44) — Louisiana Governor John Bel Edwards issued the state’s first-ever emergency declaration for a cyber-security incident on Wednesday, July 24, following cyber attacks on Sabine, Morehouse and Ouachita parishes.
Sabine Parish school officials said an electronic virus hit the school system on July 21, disabling some of the technology systems and the central office phone system.
The attack prompted East Baton Rouge Parish School System’s (EBRPSS) chief technology officer Richard Ellis, III, to send a list of tips to all school system employees highlighting ways to avoid potential cyber attacks.
According to EBRPSS director of communication and public relations Taylor Gast, security systems are in place to protect confidential student information. “(Our chief technology officer) asked that we not disclose the names of those systems in order to keep the system safe from hackers, etc.,” Gast told NBC Local 33.
The state-wide emergency declaration allows for state resources and cyber assistance to be given to school districts affected by the attacks.
The Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), is working with LSU’s applied research affiliate, the Stephenson Technologies Corporation (STC), and the Louisiana National Guard Cyber Team on the criminal event. GOHSEP is also cooperating with the FBI.
Malware such as ransomware is malicious software designed to deny access to a computer system or data until a ransom is paid. It’s typically spread through phishing emails or by unknowingly visiting an infected website. Once infested, the thieves hold the user’s data hostage until a ransom is paid, usually in digital currency like BitCoin.Stephenson Technologies Corporation at LSU
Gov. Edwards’ state of emergency declaration activated Louisiana’s Emergency Support Function 17, which is a cyber-incident response plan. Stephenson National Center for Security Research executive director Jeff Moulton oversees the ESF-17 subcommittee.
“Ransomware is not new,” said Moulton. “It’s growing in use at the state and local levels because the attackers know government agencies, especially at the lower levels, are likely to pay.”
Moulton also said hackers know that local government agencies, including school districts, often do not have the systems in place to protect against cyber-attacks. Hackers also may target these agencies because shutting down or interrupting services is unacceptable.
The cyberattacks on the school districts come after other major metropolitan areas, including Atlanta, Baltimore and several Florida cities, have had their city systems disrupted due to debilitating ransomware attacks in the past year.