An investigation showed a custom backdoor RAT and the Emotet trojan in the networks of municipal victims of the attacks.
The National Guard has been called in to help stop a series of government-focused ransomware attacks in Louisiana, according to a report.
Local government offices across the Pelican State have been besieged by ransomware strikes, according to a cybersecurity consultant speaking to Reuters, with “evidence suggesting a sophisticated hacking group was involved.”
The paper reported that a forensic investigation into the attacks unearthed a remote access trojan (RAT) buried in affected networks, which is often the calling card of an advanced persistent threat (APT) group known to be an arm of the North Korean government. That said, the “KimJongRat” backdoor has had its source code partially leaked, which could allow cyberattackers to copy it – thus casting doubt on that attribution.
The Emotet trojan, which can load other malware and self-propagate through networks, was also found in victim networks, sources said. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning earlier this month that state and local governments need to fortify their systems against the malware, amid a dramatic uptick in Emotet phishing attacks on municipalities since July.
“This increase has rendered Emotet one of the most prevalent ongoing threats,” the CISA alert read.
Sources said that the attacks were successful in locking up networks in several government offices in northern Louisiana, after staff were socially engineered via email into opening an attachment and triggering the infection chain. Further, the attackers took over victim email accounts to send malware to other employees under the guise of legitimate communications.
However, that cyberattack was stopped “in its early stages before significant harm was done,” according to the report.
It’s unclear which ransomware family was used in the attacks. The Louisiana National Guard has declined to comment on the incidents.
This is not the first time that Louisiana has called out the National Guard to combat cyberattacks. In July 2019, Louisiana’s governor declared a statewide state of emergency after ransomware hits on at least three school districts – Monroe City, Morehouse Parish and Sabine Parish. Declaring the state of emergency allowed coordination between cybersecurity experts from the National Guard, Louisiana State Police and the Office of Technology Services.
Ransomware attacks continue to surge in all sectors. Just this month, Software AG was struck by the Clop ransomware; French IT giant Sopra Steria was afflicted with Ryuk; and a county in Georgia found its voter-registration database caught up in an attack.