Global public infrastructure hit by ransomware attacks

Power has been knocked offline in Johannesburg and three schools districts are compromised in Louisiana

The Governor of Louisiana has declared a state of emergency after a handful of school districts across the state were hit by a wave of ransomware attacks.

The IT networks of at least three school districts - Sabine, Morehouse and Ouachita - were taken down after the attack last week, with local files encrypted by a gang of cyber criminals. Governor John Edwards has, as a result, declared a statewide emergency while authorities probe whether other public services and government agencies may be at risk.

This is the first time the state has declared such an emergency and allows for a greater level of state resources to be dedicated to ongoing investigations. Cyber security experts from Louisiana National Guard, State Police and the Office of Technology Services are also being roped into helping local government agencies prevent any further data loss.

"The state was made aware of a malware attack on a few north Louisiana school systems and we have been coordinating a response ever since," Edwards said.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"This is exactly why we established the Cyber Security Commission, focused on preparing for, responding to and preventing cybersecurity attacks, and we are well-positioned to assist local governments as they battle this current threat."

Meanwhile, a power supplier based in the South African city of Johannesburg was also struck by a malware attack yesterday as citizens with prepaid metres were unable to buy electricity or upload invoices.

The ransomware virus encrypted all of City Power's databases, applications and its network, effectively leaving people facing blackouts that, in some cases, have lasted more than 12 hours. The city of Johannesburg-owned energy supplier is working to restore power to affected regions.

This, of course, also follows a significant attack on the city of Baltimore in May in which thousands of government computers were infected public services were rendered offline for more than two weeks. Recovery costs for the attack are estimated to exceed $18 million.

This comes at a time where organisations in the UK have experienced an explosion of ransomware attacks since the start of the year. So far in 2019, researchers learned there have been 2.4 million encrypted malware attacks, almost the same number as detected throughout the whole of 2018, 2.8 million.

Both attacks also highlight just how tempting a target national critical infrastructure can be to cyber criminals, especially given the public sector cannot always boast the same degree of security and expertise as private sector organisations.

Advertisement - Article continues below

The Ukranian 'black energy' crisis, in which a virus took down the country's power grid, is among the most famous examples of cyber criminals crippling critical national infrastructure.

The UK's Joint Committee on the National Security Strategy (JCNSS), meanwhile, warned that it's "impossible" to protect the UK's national critical infrastructure from the sort of rampant cyber attacks that have struck Louisiana and Johannesburg.

An increasingly complex security landscape and the government's own shortcomings in assessing how widely connected infrastructure is becoming has been touted as potentially leaving the UK exposed to a second WannaCry-style attack.

The WannaCry virus, which crippled the NHS especially, is perhaps the most prominent example of ransomware taking down critical public services and critical infrastructure in the UK. But the attack, which will cost 92 million from which to recover, was actually a non-targeted attack, with the health service was simply swept up in the chaos due to unpatched legacy systems.

Should the NHS be struck by a targeted attack, according to a white paper prepared by the Institute of Global Health Innovation (IGHI) earlier this month, the scale of the damage could be many times higher.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020