The US National Guard has been called in to help stop a series of government-focused ransomware attacks in Louisiana, according to a report.
An investigation showed a ‘custom backdoor RAT’ & the Emotet trojan in the networks of municipal victims of the attacks.
Local govt. offices across the ‘Pelican State’ have been besieged by ransomware strikes, according to a cyber-security consultant speaking to Reuters, with “evidence suggesting a sophisticated hacking group was involved.”
The paper reported that a forensic investigation into the attacks found a remote access trojan (RAT) buried in affected networks, a RAT that is often the ‘calling card’ of an advanced persistent threat (APT) group known to be an arm of the N. Korean govt.
The “KimJongRat” backdoor has had its source code partially leaked, which could allow other cyber-attackers to copy it & therefore casts doubt on that attribution.
Sources also said the Emotet trojan, which can load other malware & self-propagate through networks, was found in victim networks.
The US Cyber-Security & Infrastructure Security Agency (CISA) issued a warning earlier this month that state & local govts. need to fortify their systems against the malware, amid a dramatic increase in Emotet phishing attacks on US municipalities since July.
“This increase has rendered Emotet one of the most prevalent ongoing threats,” the CISA alert read.
Sources said that the attacks were successful in locking up networks in several govt. offices in northern Louisiana, after staff were socially engineered via email into opening an attachment & triggering the infection chain.
The attackers also took over victim email accounts & used them to send malware to other employees under the guise of legitimate communications.
However, the attack was stopped “in its early stages before significant harm was done,” according to the report.
It is unclear which ransomware family was used in the attacks. The Louisiana National Guard has declined to comment on the incidents.
This is not the first time that Louisiana has called out the National Guard to combat cyber-attacks. In July 2019, Louisiana’s Governor declared a state-wide state of emergency after ransomware hits on at least 3 school districts – in Monroe City, Morehouse Parish & Sabine Parish.
Declaring the state of emergency allowed coordination between cyber-security experts from the National Guard, Louisiana State Police & the US Office of Technology Services.
Ransomware attacks continue to surge in all sectors. This month, Software AG was struck by the Clop ransomware; French IT giant Sopra Steria was afflicted with Ryuk; & a county in the US state of Georgia found its voter-registration database caught up in an attack.