Magnify / Pensacola, home of the Naval Flight School and a training center for cyber warfare, was still recovering from a massive shooting at the Naval Station when ransomware hit the town’s network.
On December 7 – less than a day after a massive shooting at Pensacola Naval Station – the city of Pensacola, Florida, was struck by what was originally described as a generic “cyber incident.” A city spokesperson has since confirmed that ransomware had hit a number of city servers by removing telephones, e-mail, electronic “311” service requests and electronic payment systems.
Pensacola, with 52,500 inhabitants, is located in the “panhandle” of the Florida Gulf Coast. Pensacola is not only the home of the US Pilot Training Center, but ironically, it is also home to one of the training centers for the Navy’s information warfare command.
Pensacola spokesperson Kacee Lagarde said in a statement that the Pearl Harbor Day ransomware attack began in the early morning. Lagarde said:
As a result of the incident, the Technology Resources employees disconnected computers from the city’s network until the problem could be solved . The city of Pensacola remained operational throughout the incident, but some services were affected while the network was disconnected, including city emails, some landlines in the city, 311 customer service (311 can receive calls but online services are not available) (s) online invoice payments including Pensacola Energy and City of Pensacola Sanitation Services. Emergency dispatch services and 911 were not affected and continue to operate normally.
The timing of the attack seems to be coincidental and is not related to the killing of three sailors by a Saudi Air Force officer on December 6. And it follows the pattern of a number of recent Ryuk-based ransomware attacks on other national and local authorities.
Ars contacted Pensacola officials for more information about the attack, but received no response – possibly because the city has just started restoring email service to city workers with mobile devices.
Enlarge / A Facebook update of Pensacola for the city authorities about the ransomware attack.
Backup on the bayou
Meanwhile, Louisiana officials claim to have largely shaken off last month’s Ryuk ransomware attack. In a statement to Ars, Jacques Berry, policy and communications director for Louisiana’s Administration, characterized the ransomware as an “abject failure” because there was no “big data loss or compromised information or irreparable applications – none of these happened.” Berry insisted that sources who spoke to Ars “have incorrect, misleading or conflicting information. I would strongly warn you about relying on information that does not come from me or an interview I have organized.”
The Louisiana Office of Technology Services staff spent “work 24/7” the week after the attack, “Berry said,” and since then have scaled back slightly . They implemented a plan with a specific order of priority and set their efforts continue as definitive restorations are carried out in the most urgent but accurate way. “
The affected Medicaid records were limited to “Medicaid office program files,” Berry said, and the state’s new LaMEDS (Louisiana Medicaid Enrollment System) was unaffected. In addition, he said, no personal information from Medicaid recipient contained the affected data. Other reported data outages were due to network shutdowns and not data loss, Berry explained.