Pensacola confirms ransomware attack but provides few details

Pensacola, home of the Navy’s flight school and a cyberwarfare training center, was still reeling from a mass shooting at the Naval Air Station when ransomware hit the city’s network.

On December 7—less than a day after a mass shooting at Naval Air Station Pensacola—the city of Pensacola, Florida, was hit by what was originally described as a generic “cyber incident.” A city spokesperson has since confirmed that ransomware had struck a number of the city’s servers, taking down phones, email, electronic “311” service requests, and electronic payment systems.

With a population of 52,500 people, Pensacola is in Florida’s Gulf Coast “panhandle.” In addition to being the home of the US Navy’s pilot training center, Pensacola is also, perhaps ironically, home of one of the training centers for the Navy’s Information Warfare Training Command.

Pensacola public information spokesperson Kacee Lagarde said in a statement that the Pearl Harbor Day ransomware attack began in the early morning. Lagarde said:

As a result of the incident, Technology Resources staff disconnected computers from the city’s network until the issue can be resolved… The City of Pensacola has remained operational throughout the incident, but some services have been impacted while the network is disconnected, including City emails, some city landlines, 311 customer service (311 can receive calls, but online services are not available) [and] online bill payments including Pensacola Energy and City of Pensacola Sanitation Services. Emergency dispatch services and 911 were not impacted and continue to operate normally.

The attack’s timing appears to be coincidental and not related to the killing of three sailors by a Saudi Air Force officer on December 6. And it follows the pattern of a number of recent Ryuk-based ransomware attacks on other state and local agencies.

Ars reached out to Pensacola officials for more details on the attack but received no response—possibly because the city has just begun to restore email service to city workers with mobile devices.

A Pensacola city-government Facebook update on the ransomware attack.

Backup on the bayou

Meanwhile, Louisiana officials claim to have largely shrugged off last month’s Ryuk ransomware attack. In a statement to Ars, Jacques Berry, director of policy and communication for Louisiana’s Division of Administration, characterized the ransomware as an “abject failure” because there was no “major data loss or compromised information or irrecoverable applications—none of these happened.” Berry insisted that sources who spoke to Ars “have incorrect, misleading, or conflicting information. I would strongly caution you against trusting information that doesn’t come from me or an interview arranged by me.”

The staff of Louisiana’s Office of Technology Services spent the week after the attack “laboring 24/7,” Berry said, “and scaling back only somewhat since then… They implemented a plan with a specific order of priority and continue their efforts as final service restorations are completed in the most urgent but accurate manner possible.”

Medicaid records affected were limited to “program files from the Medicaid office,” Berry said, and the state’s new LaMEDS (Louisiana Medicaid Enrollment System) was not affected. Additionally, he said, no Medicaid recipient’s personal information was in the affected data. Other reported data outages were due to network shutdowns and not data loss, Berry explained.

https://arstechnica.com/?p=1631115