New Orleans Struggles To Fix Computer Systems After Cyber Attack
ARI SHAPIRO, HOST:
New Orleans is having a difficult week. City officials are dealing with a cyberattack that has crippled computer systems. It's just the latest attack on a city by cyberthieves who want money. Jessica Rosgaard of member station WWNO reports.
JESSICA ROSGAARD, BYLINE: At about 5 a.m. on Friday, December 13, New Orleans government employees noticed suspicious activity on the city's internal network. Mayor LaToya Cantrell says within a few hours, officials had confirmed a cyberattack.
LATOYA CANTRELL: We were absolutely compromised. We wanted to make sure that we disconnected all of our systems. And we went from floor to floor to floor to floor to make sure that we did just that.
ROSGAARD: Ransomware was detected in the attack, though officials haven't received a ransom request yet.
Meanwhile, city operations have been disrupted. Some police officers are using personal computers. Bodycam footage isn't being archived. Judges in municipal and traffic courts have canceled hearings for the rest of the year. And the City of New Orleans' webpage is still not functioning. Mayor Cantrell says thousands of government computers need to be inspected to ensure there's no malicious software.
CANTRELL: It will absolutely go into - to next week. But we're telling our people to act like - you know, we're going to be in this manual mode through the end of the year.
ROSGAARD: Superintendent Shaun Ferguson says the New Orleans Police Department is still functioning but hobbled, doing some tasks by hand.
SHAUN FERGUSON: We have not been impacted with field services at all besides our report writing. We are handwriting our reports, arrest warrants, as well as search warrants.
ROSGAARD: And because they're working offline, the department can't fulfill requests for public records or subpoenas. Numerous other city agencies, including the health department and city job search programs, are all trying to function without computers. Louisiana Governor John Bel Edwards said the attack is something that governments will have to learn to deal with.
JOHN BEL EDWARDS: And this really is the new normal. And just look at what's happening around the country. It's - you know, this isn't precise, but it seems to me this is happening every week to 10 days here in Louisiana.
ROSGAARD: Just last month, Louisiana's Department of Motor Vehicles (ph) was crippled by a cyberattack. That followed similar ones in Maryland, Georgia and Florida over the summer. Mark Rasch is a former Justice Department prosecutor for cybercrimes.
MARK RASCH: Most of these attackers are just after money, and they don't really care whether they disrupt municipal services or not. They know that if they are able to disrupt municipal services, you're more likely to pay.
ROSGAARD: Rasch says the cost of data recovery can be anywhere from 10 to 100 times the ransom request. And while paying the ransom may be cheaper and easier than the recovery, governments don't want to be held hostage.
RASCH: And one of the big debates going on right now is whether municipalities should universally refuse to pay these ransoms.
ROSGAARD: Cybersecurity insurance can help offset those data recovery costs but can't get systems back online faster. And it's that time sensitivity that Rasch says plays into the hand of the attacker.
RASCH: The hackers are targeting systems that are time critical - police, fire, ambulances, hospitals and the like. And those are the ones where people are much more likely to pay - because they can't be offline for a day or two or three.
ROSGAARD: Rasch says the best way to recover from a cyberattack is to prevent one in the first place. Cyber-resilience means municipalities have to dedicate money to planning, testing and backup systems. But computer networks will likely never be 100% protected from hackers, meaning the very systems that help government function leave it vulnerable to being shut down.
For NPR News, I'm Jessica Rosgaard in New Orleans.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.