Louisiana Governor Declares State Emergency After Local Ransomware Outbreak (zdnet.com)
Louisiana Governor John Bel Edwards has activated a state-wide state of emergency in response to a wave of ransomware infections that have hit multiple school districts. ZDNet reports: The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes -- Sabine, Morehouse, and Ouachita. IT networks are down at all three school districts, and files have been encrypted and are inaccessible, local media outlets are reporting. By signing the Emergency Declaration, the Louisiana governor is making available state resources to impacted schools. This includes assistance from cybersecurity experts from the Louisiana National Guard, Louisiana State Police, the Office of Technology Services, the Governor's Office of Homeland Security and Emergency Preparedness (GOHSEP), and others. State officials hope that additional IT expertise will speed up the recovery process so schools can resume their activity and preparations for the upcoming school year. Earlier today, some residents of Johannesburg have been left without electricity after a ransomware infection.
Re: (Score:2)
We seem to have some Interpol problems these days... hacking is limited in the USA, but Russians seem to have the ability to send packets that are banned here.
Re: (Score:2)
Uh, once a student clicks on the wrong .exe it's too late to unplug anything.
Re: (Score:2)
So, just like that Iranian engineer, eh?
Re: (Score:2)
No, the one who got shot for clicking on the file with the Stuxnet virus.
Re: (Score:2)
It has impacted three school districts as in every school in each district, so clearly this is a high level admin security failure and not something happening at school level. At least one benefit, find what is common with those three districts and you are on the path to tracking the insider who did it, although it is likely they did not attack every school district they could for the same reason, similarly figuring out which school districts they could have attacked and didn't will likely help point the fi
Re: (Score:2)
Does the student also have admin rights on the server?
Probably. It's high school.
A student probably IS the administrator in some of them.
Re: (Score:2)
High schools won't trust students with that kind of access, and colleges don't need to, since tuition is high enough these days to hire IT staff.
Re: (Score:2)
That was decades ago. I work with a number of schools semi-regularly, and I can tell you that they all have non-student IT staff. You can find the job postings for IT admins regularly. Computers and internet access are now a critical part of school administration, education, and curriculum, and it's no longer left to students to manage.
I too recall hiding games on the IT network when in high school because we had root access. That sort of thing is no longer common.
Re: (Score:2)
So first give the students chromebooks, they can't click on arbitrary executables.
Second keep the students on an isolated network away from the actual backoffice network of the school.
Chances are ransomware attacks on schools have nothing to do with the students, and were targeting the back office network used by staff.
Re:State of emergency? (Score:5, Insightful)
Uh, once a student clicks on the wrong .exe it's too late to unplug anything.
If something a student clicks can fuck your whole network, you have bigger problems.
Re: (Score:2)
I understand your thought but you seem to VASTLY overestimate how things happen in the real world.
Not every school is set up with your perfect network security protocols, they're slapped together by people working on minimum wage and held together by hitting "Remind me later" on every Windows update.
It's bad.
Yeah, those are the bigger problems.
Re: (Score:1)
"I have a question."
"Does Barry Manilow know you raid his wardrobe?"
Anti-Vax (Score:1)
Re:Anti-Vax (Score:4, Funny)
Differential Backups (Score:1)
Perhaps they haven't heard of them down in the south yet? Ransomwarezzzz? "Ohh bummer.. I guess we will lose today's data, but thanks to our backup strategy it is ONLY today's data". Said no government entity ever, besides the 3 letter agencies (FBI excluded) of course
They will blame everyone but the (Score:4, Insightful)
Substandard employees that they hire. They will blame IT first. Ideally their IT should have proper backups that are air gapped at some part of the process. But ultimately these things happen because clueless employees allow it to happen.
Re: (Score:2)
Heavens! Are you saying that getting the cheapest contractors they can find isn't the best financial decision they could have made? But those nice MBAs assured them that running things like a cutthroat corporation was the best way!
Re: (Score:2)
Heavens no. For instance I know of a city municipality that has the WAN side of their internet merged with the LAN side of their network, potentially exposing their whole infrastructure. I know and I told them but they would rather trust the guy who did the wiring to know more about networking than the guy who configured their fiber circuit. I'm sure that when they get their asses hacked again they will try to cast the net wide looking for anyone other than themselves to blame. That is why I fired off
Re: (Score:2)
Well, the MBA morons think that one unit of "employee xyz" is of course exactly the same as another one. Hence getting the cheapest ones does make sense to them. It is a sure recipe for an eventual collapse, of course.
Re: (Score:2)
It's almost certainly the fault of the person who set the budget.
Next on the list is IT, because any plan which requires the users to not make mistakes is bound to fail.
Re: (Score:2)
The city I've mentioned in a previous post uses a company that can't keep decent IT staff. They pay their techs a maximum of $15 dollars an hour. As soon as their people get a little experience, they move on. Their current IT guy thinks a factory reset on the router is required to do anything to it. He has reset it twice and left them without internet. The next time I'm not going to bail them out. They pretty much burned a bridge with me and I only have to wait until it goes down and stays down a day
Re: (Score:1)
Yep.
What kills me about the low-tax, free market crowd is that they don't seem to be able to link these ideas together. If you want competent teachers and other school staff, you need to pay enough that competent people want to do that job.
Starting salary around here for a teacher who has to have a bachelor's degree at minimum, with a master's preferred is mid-$50k. For someone with a BA in English, that's not bad. But how do you get someone with a MS in a STEM field for that sort of money, when they could,
Pay no attention (Score:2)
When I hear of X suffered a ransomware whatever (Score:4, Interesting)
I wonder if IT gets the budget it needs (for backups), or slashed and someone fired.
I got nothing (just like Louisiana).
Miss the days (Score:4, Insightful)
Miss the days where the majority of slashdot comments focused on the technical side and steered away from the political side of things. Mind you, the headline doesn't give anything away about which type of ransomware!
Re: (Score:2)
On the technical side, is most of this ransomware still using old NSA exploits? It sounds like they haven't been keeping their systems up to date.
Re: (Score:3)
As do I, but it reflects a deliberate editorial slant away from tech and of course, laziness.
Re: (Score:2)
To further your point, we *need* to know the technical side because if the hackers are using exploits developed by the NSA, then we need to hold the NSA accountable. The US government needs to be helping companies secure themselves, not providing tools to hackers. This concept of developing advanced threats then holding onto them is foolish and the mindset needs to change. If you hold onto a known threat you put *everyone* at risk, not just the bad guys.
Off topic - Saw your rep at the Mueller hearings (Score:2)
Not a fan. If I had sent the ransomware your way I'd delete the encryption keys. You don't deserve to have your data back.
what kind of it was this school using (Score:2)
Re:what kind of it was this school using (Score:4, Insightful)
I'm curious - what school(s) did you go to? Where I live, they pretty much teach you how to spell "our" pretty early, and don't let you get away with the "are" spelling from a very early age....
Re: (Score:2)
Deep Freeze and relatives make restoration of workstations as easy as a reboot, and some of the solutions are free. Many schools use it since the only thing deadlier than ransomware is student users.
Re: (Score:2)
None of the software-only solutions are particularly worth deploying. Clever malware will find those partitions and eat them anyway.
Malware finally found a way to make real money (Score:2)
For years, malware was used for things like nabbing credit card numbers and selling them on the black market, or for sending spam emails. Deleting files and defacing web sites was good for the lulz, but nobody made money off that. But two concepts changed all that: Ransomware + Cryptocurrency. Now, ransoming files is safe AND profitable! Expect to see more and more of this.
Ransomware is really kinda genius when you think of it as a business model. The hacker steals the files - but does not need to stor
love seeing the impact of cheap government (Score:2)
Bitter pill ... (Score:2)
... but if this turns pandemic, maybe we'll finally get a goddam resolution.
The only fucking thing that works within budget is to have offline backups.
For ransomware, they don't even have to be offsite (which they should be for disaster response).
Change backup media out every day for two weeks. EHD are very cheap as a third-level safe harbour.
It's the only strategy guaranteed to work.
--
All those gold-plated enterprise-level solutions involving user education, expensive over-hyped hardware and software solut
Wonder if Louisiana mayors participated in... (Score:2)
https://www.cnet.com/news/us-m... [cnet.com]
Well... (Score:3, Informative)
This is what you buy with "low taxes" and "trickle down".
Re:Well... (Score:5, Insightful)
—and a Windows monoculture.
Re: (Score:2)
When you go too low, all your orifices are within easy reach.
Re: (Score:2)
I'm not so sure schools are pure Windows anymore... I've seen reports of them using iOS devices, Chromebooks, and Linux on Raspberry Pi devices.
Re: (Score:2)
While I've heard that too I think the evidence contradicts those claims...
Because macs are immune?
Re: (Score:2)
I work in a school. Chromebooks and iPads are certainly used a lot in education - but the bread-and-butter of school IT, in every school, is Windows. On desktops, or on laptops. It really has to be - the ICT classes need it because their course materials and exam standards expect it. Plus we like Active Directory - there's nothing so easily administered for managing large numbers of desktops on other operating systems.
Re:Well... (Score:4, Insightful)
Plus we like Active Directory - there's nothing so easily administered for managing large numbers of desktops on other operating systems.
The thing with centralised administration is that if compromised, it becomes centralised compromise and allows the ransomware (or whatever else) to infect every machine simultaneously.
Active directory is not very secure by default, and is extremely complex... Actually keeping it secure is extremely difficult and expensive, requiring significant investment, highly skilled staff and quite a lot of inconvenience for users.
Active directory is far from easy if you actually want it to be secure, if you want it to be easy then it also becomes easy to compromise and significantly increases the damage from a ransomware infection.
Re: Well... (Score:1)
Active Directory is easy to secure if you aren't stupid. Don't expose it directly to the internet and firewall off all non-essential ports.
And centralized data stores are easy to restore if compromised. Just use your offsite/offline/warm backup/restore plan. You test that regularly, offline, with false hw date clocks, so even if there is a timebomb strawman to worry about, you've got it covered.
Re: (Score:2)
I always find this info handy to better understand ports needed and not needed.
https://support.microsoft.com/... [microsoft.com]
Re: (Score:2)
Every school I have worked with is on pure Apple products or Chromebooks. No Windows at all.
Re: (Score:2)
Perhaps Apple or Chromebooks for the students, but the back end administration of the school will usually be done on a Windows network that's set up like any small office network. There may or may not be a decent level of segregation between the student network and the administration network.
Re: (Score:2)
Most of them have backups. They just don't know backups should be pulled by the backup servers and that production servers should have no access to the backups. The production servers push the backups to the backup servers and often have full access to them so when the production servers get compromised, every version of the backups gets encrypted too instead of only the last few versions.
Re:Well... (Score:4, Insightful)
—and a Windows monoculture.
And apparently no backups and no Business Continuity Management.
IT is not cheap. It is just cheaper than doing it in the traditional ways. If you try to do it on the cheap, it can get very expensive though, and that is why you do not if you have a clue.
Re: (Score:3)
And a monoculture of under-funded IT departments.
Re: (Score:2)
These are no "psychopaths", they are business people. They do what pays.
Re: (Score:3)
What does Democratic Governor John Bel Edwards have to do with low taxes? Louisiana spends $11K/student, about the same as California, which is pretty damn high for a State with such a low cost of living in comparison.
Re: (Score:2)
We are still fixing 8 years of Jindal running for the Republican presidential nomination. Also, due to us having the universe's most convoluted state constitution, our education budget is just about the only thing politicians can raid (legally) when they want to procure funds for pet projects.
Re: (Score:2)
This is a different "trickle down", though.
Re: (Score:2)
They aren't paying teachers very much. Why in simple hell would they pay IT staff and pony up for best practices?
If the schools have air-gapped backups, they'll be alright.
Re: (Score:1)
Troll
Re: (Score:3)
Paying ransom once means they're likely to repeat this incident... not the right solution, try antivirus.
Re: (Score:3)
Paying the ransom _may_ be much cheaper. I'm afraid to say that I've encountered too many expensive backup schemes that are incomplete and untested, and that a disastrous and dangerous recovery scheme was necessary when a single point of failure did just that.
Re: (Score:2)
Paying the ransom _may_ be much cheaper.
Not if you do not fix the root-causes for such attacks being possible. And if you pay the ransom, you bear a part of the responsibility for others getting attacked because you encourage the scum that runs these attacks.
Since fixing the root-causes is probably at least a long-term project, these people may just get hit again and again and again. Not that they deserve any better for their shoddy way of doing things.
Re: (Score:2)
And if you pay the ransom, you bear a part of the responsibility for others getting attacked because you encourage the scum that runs these attacks.
I'm not really sure that the logic for that follows.
This assumes that it's the same group doing all of the attacks. In reality, there are multiple.
It's entirely possible that a large percent aren't successful and quit, and then are replaced by others who have seen the news articles and want to get in on the action. That sort of cycle seems common among spammers. Those sending the spam are paid to send it by people who think it works. In actuality it doesn't work very well, but its existence is enough to ca
Re: (Score:2)
And if you pay the ransom, you bear a part of the responsibility for others getting attacked because you encourage the scum that runs these attacks.
I'm not really sure that the logic for that follows.
This assumes that it's the same group doing all of the attacks. In reality, there are multiple.
It does not assume a single attacker at all. The logic is so simple that I find it really surprising you do not follow it. It is basically: Somebody does ransomware attack -> somebody makes a huge profit -> let's do these attacks ourselves/let's do more of them.
Re: (Score:2)
cheaper to pay the ransom
Probably cheaper to have a decent backup solution but there you go.