Global public infrastructure hit by ransomware attacks

Power has been knocked offline in Johannesburg and three schools districts are compromised in Louisiana

The Governor of Louisiana has declared a state of emergency after a handful of school districts across the state were hit by a wave of ransomware attacks.

The IT networks of at least three school districts - Sabine, Morehouse and Ouachita - were taken down after the attack last week, with local files encrypted by a gang of cyber criminals. Governor John Edwards has, as a result, declared a statewide emergency while authorities probe whether other public services and government agencies may be at risk.

This is the first time the state has declared such an emergency and allows for a greater level of state resources to be dedicated to ongoing investigations. Cyber security experts from Louisiana National Guard, State Police and the Office of Technology Services are also being roped into helping local government agencies prevent any further data loss.

"The state was made aware of a malware attack on a few north Louisiana school systems and we have been coordinating a response ever since," Edwards said.

Advertisement
Advertisement - Article continues below

"This is exactly why we established the Cyber Security Commission, focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat."

Meanwhile, a power supplier based in the South African city of Johannesburg was also struck by a malware attack yesterday as citizens with prepaid metres were unable to buy electricity or upload invoices.

The ransomware virus encrypted all of City Power's databases, applications and its network, effectively leaving people facing blackouts that, in some cases, have lasted more than 12 hours. The city of Johannesburg-owned energy supplier is working to restore power to affected regions.

This, of course, also follows a significant attack on the city of Baltimore in May in which thousands of government computers were infected public services were rendered offline for more than two weeks. Recovery costs for the attack are estimated to exceed $18 million.

This comes at a time where organisations in the UK have experienced an explosion of ransomware attacks since the start of the year. So far in 2019, researchers learned there have been 2.4 million encrypted malware attacks, almost the same number as detected throughout the whole of 2018, 2.8 million.

Both attacks also highlight just how tempting a target national critical infrastructure can be to cyber criminals, especially given the public sector cannot always boast the same degree of security and expertise as private sector organisations.

The Ukranian 'black energy' crisis, in which a virus took down the country's power grid, is among the most famous examples of cyber criminals crippling critical national infrastructure.

The UK's Joint Committee on the National Security Strategy (JCNSS), meanwhile, warned that it's "impossible" to protect the UK's national critical infrastructure from the sort of rampant cyber attacks that have struck Louisiana and Johannesburg.

An increasingly complex security landscape and the government's own shortcomings in assessing how widely connected infrastructure is becoming has been touted as potentially leaving the UK exposed to a second WannaCry-style attack.

The WannaCry virus, which crippled the NHS especially, is perhaps the most prominent example of ransomware taking down critical public services and critical infrastructure in the UK. But the attack, which will cost 92 million from which to recover, was actually a non-targeted attack, with the health service was simply swept up in the chaos due to unpatched legacy systems.

Advertisement
Advertisement - Article continues below

Should the NHS be struck by a targeted attack, according to a white paper prepared by the Institute of Global Health Innovation (IGHI) earlier this month, the scale of the damage could be many times higher.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019