A ransomware attack targeting the city of New Orleans has inflicted $7 million in losses so far, with more to be incurred in coming months, Mayor Latoya Cantrell said in a recent update.
At 5 a.m. on December 13, New Orleans was becoming the latest victim in a long string of ransomware attacks directed as U.S. municipalities, throwing the state of Louisiana’s most populous city into a state of emergency.
Employees were told to disconnect all computer systems, including servers, and halt all work. The attackers had made no ransom demands, suggesting the attack was meant to disrupt the city and dent its economy. However, this is not confirmed.
Despite training to handle downtime thanks to its preparedness for hurricane season, the city is bleeding money in recovery costs, Cantrell said. The city is out $7 million so far and is expected to spend more on system upgrades and cybersecurity investments. Officials said $3 million will be recovered from the city’s cyber insurance.
“This is something that we have to deal with as a city and it is an expense that we also have to eat as a city,” said Cantrell. “It speaks to the priority of infrastructure that has always been a priority of mine and it also speaks to the real push for maintenance of infrastructure. This will be ongoing.”
Gilbert Montano, the city’s chief administrative officer, expects staff to struggle for at least six to eight more months before day-to-day operations return to normal.
“Now, we’re in the stabilization period,” said Montano. “We are trying to rebuild what we had to turn off essentially and that is a long, laborious, time-sensitive process and that’s where I am telling staff and employees we’re looking maybe at a six to eight month window before actual normalcy starts to integrate all of our systems.”
Chief Information Officer Kim LaGrue reveals the city was using legacy systems when the infection took place, meaning the contagion could stem from an unpatched vulnerability.
“Cleaning over 3400 computers was necessary in that recovery,” LaGrue said. “We realized we would lose some of those computers because we also build a stronger cyber security platform and on that new platform certain antiquated devices just could not be recovered, would not operate in this new platform.”
According to fox8live.com, the cyber attack has pushed the deadline to pay property taxes to February 14.