Louisiana has brought some of its services back as it recovers from a targeted ransomware attack using the Ryuk malware on November 18. The state’s Office of Motor Vehicles re-opened offices on Monday in a limited fashion. But OMV and other agencies affected—including the state’s Department of Health and Department of Public Safety—are facing a number of potential hurdles to restoring all services, according to people familiar with Louisiana’s IT operations.
The ransomware payload was apparently spread across agencies by exploiting Microsoft Windows group policy objects—meaning that the attackers had gained access to administrative privileges across multiple Active Directory domains. This is symptomatic of TrickBot malware attacks, which uses GPOs and PsExec (a Microsoft remote administration tool) to spread its payload.
