City services in New Orleans were hobbled Monday as the city operated under an emergency declaration following a cyber attack that locked down its main computer networks.
In the attack detected Friday, New Orleans became the latest major city to be hit by ransomware in what has become an epidemic that has crippled networks in Baltimore and Atlanta in recent months as well as hundreds of other municipalities and agencies.
The city declared an emergency and shut down its computers after detecting it was under attack by hackers with cyber tactics that included “phishing” attempts and ransomware.
City Hall was open and employees expected to report to work, but various municipal services and departments remained hobbled without some of the technology they typically rely on, according to officials.
Mayor LaToya Cantrell said the police department was “manually” recording incidents and had suspended background checks.
But she said fire and emergency medical services were not impacted and that a temporary website had been set up for some other services.
“The city remains actively involved in recovery efforts,” the mayor’s office said in a statement.
Security researchers said the city appeared to have been hit by a strain of ransomware which encrypted and locked down data from its contracts and revenue operations.
New Orleans officials told media over the weekend they had not received any demand for payment to unlock data.
Governments are considered ripe targets by hackers because they usually lack resources to invest in sophisticated cyber defenses and can be attack on may fronts, such as schools or town halls.
At least 174 cities around the world were victims of ransomware attacks in 2019, a figure up 60 percent from 2018, according to cybersecurity company Kaspersky.
The average amount of ransom demanded was said to be a million dollars, and has been as high as $5 million.
While the price seems high, costs of lost data or re-creating computing systems can be higher, making local governments inclined to pay ransom even if budgets are meager, according to Kaspersky.
A separate report by the security firm Emsisoft painted an even darker picture, citing 948 government agencies, educational establishments and healthcare providers impacted by ransomware this year in the United States alone.
“The threat level is now extreme and governments must act immediately to improve their preparedness and mitigate their risks,” Emsisoft said in a blog post.