{
	"id": "9901acd6-51e5-4dfe-af91-68c793fb1105",
	"created_at": "2026-04-06T01:31:44.330382Z",
	"updated_at": "2026-04-10T03:35:28.773707Z",
	"deleted_at": null,
	"sha1_hash": "2cd48c03de391dcdfe25c29240c97b979cdc9e93",
	"title": "Louisiana authorities investigating ransomware attack on city of Alexandria",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 166933,
	"plain_text": "Louisiana authorities investigating ransomware attack on city of\r\nAlexandria\r\nBy Jonathan Greig\r\nPublished: 2023-01-13 · Archived: 2026-04-06 00:58:34 UTC\r\nLouisiana state officials are investigating a ransomware attack affecting Alexandria, a 50,000-person city about\r\ntwo hours outside of Baton Rouge.\r\nOn Thursday, the AlphV ransomware gang added the city to its list of victims. City officials initially confirmed\r\nthat there was a cyberattack to local news outlet KALB, telling reporters that it was “notified of a possible systems\r\nbreach.”\r\nhttps://therecord.media/louisiana-authorities-investigating-ransomware-attack-on-city-of-alexandria/\r\nPage 1 of 5\n\n\"The matter is currently being investigated. All City operations are continuing as scheduled,\" city officials said in\r\na statement on Thursday night. \r\nhttps://therecord.media/louisiana-authorities-investigating-ransomware-attack-on-city-of-alexandria/\r\nPage 2 of 5\n\nMike Steele, communications director at the Louisiana Governor's Office of Homeland Security and Emergency\r\nPreparedness, told The Record on Friday that state officials had been pulled in to help with the response and\r\ninvestigation of the attack. \r\n“Cybersecurity resources from the state have been deployed to help out with the situation. The city and parish\r\nreached out to the state for support and that’s when our team stepped in,” Steele said. “There is a criminal\r\ninvestigation at the state level as well as some federal agencies involved in a federal investigation as well.”\r\nSteele could not provide details about how widespread the ransomware attack was but said they will have more\r\ninformation this weekend once an analysis of the attack is completed. \r\nEmsisoft threat analyst and ransomware expert Brett Callow said the attack on Alexandria would be the 22nd\r\nreported incident affecting a local government in the U.S. this year.\r\nLast year, 36 local governments in the U.S. reported ransomware incidents by June, and 77 were attacked by the\r\nend of the year, according to Callow.\r\nBoth 2019 and 2020 saw 113 reported ransomware attacks on local governments in the U.S. \r\nOn Friday, AlphV updated their post about Alexandria, threatening Louisiana Governor John Bel Edwards directly\r\nand referencing a series of ransomware attacks that crippled several state agencies in 2019. \r\nIn 2019, Edwards was forced to activate the state’s cyber incident response plan for the first time after multiple\r\nschool districts were hit, including the Tangipahoa Parish school district as well as the Sabine, Morehouse, and\r\nOuachita parishes. \r\n“I declared a state of emergency and began executing the playbook. It was the first time in Louisiana’s history that\r\na cyberattack was addressed like a disaster,” Edwards said during the National Governors Association’s biennial\r\nNational Summit on State Cybersecurity last year. \r\n“We activated state police, the office of technology services, and the national guard cyber team.”\r\nhttps://therecord.media/louisiana-authorities-investigating-ransomware-attack-on-city-of-alexandria/\r\nPage 3 of 5\n\nDuring the 2019 attacks, the Lafayette Parish School System was forced to cut off all internet and phone\r\nconnections to central offices as a way to mitigate the damage. \r\nOn Friday, AlphV said 2019 had “taught you nothing” and said the state “can’t get away” this time. \r\n“Your servers are lying down again and the network is tightly closed and unavailable. We got more than 80 GB in\r\ncompressed form of important data city [sic],” the ransomware gang said. \r\n“Don't make past mistakes and do the right thing. This time you won't get away with it.”\r\nImage: Brett Callow\r\nThe note also included a direct threat toward KALB, apparently for its brief report on the incident. \r\n“Further data leakage will be on your conscience. Your tongue is your enemy. Nother personal, just business. Best\r\nregards. 1 word = 1 mistake = 1 file,” the gang said. \r\nCallow said it was the first time he had seen a ransomware gang explicitly attempting to silence a media outlet. \r\n“I can only assume AlphV believes press attention at this point in time would lessen their chances of being paid –\r\nwhich may be a good reason for the press to shine a bright light on the incident,” he said. \r\nAlphV – also known as BlackCat – has attacked at least three U.S. colleges and universities this year, including\r\nFlorida International University and North Carolina A\u0026T University. Experts believe the group is a rebrand of the\r\nBlackMatter and DarkSide ransomware groups.\r\nThe FBI released an alert in April saying they have tracked at least 60 ransomware attacks by the AlphV group as\r\nof March. The group emerged late last year and became known for aggressively posting details about its victims\r\npublicly.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nhttps://therecord.media/louisiana-authorities-investigating-ransomware-attack-on-city-of-alexandria/\r\nPage 4 of 5\n\nLearn more.\r\nNo previous article\r\nNo new articles\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/louisiana-authorities-investigating-ransomware-attack-on-city-of-alexandria/\r\nhttps://therecord.media/louisiana-authorities-investigating-ransomware-attack-on-city-of-alexandria/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/louisiana-authorities-investigating-ransomware-attack-on-city-of-alexandria/"
	],
	"report_names": [
		"louisiana-authorities-investigating-ransomware-attack-on-city-of-alexandria"
	],
	"threat_actors": [
		{
			"id": "42a6a29d-6b98-4fd6-a742-a45a0306c7b0",
			"created_at": "2022-10-25T15:50:23.710403Z",
			"updated_at": "2026-04-10T02:00:05.281246Z",
			"deleted_at": null,
			"main_name": "Silence",
			"aliases": [
				"Whisper Spider"
			],
			"source_name": "MITRE:Silence",
			"tools": [
				"Winexe",
				"SDelete"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "eb5915d6-49a0-464d-9e4e-e1e2d3d31bc7",
			"created_at": "2025-03-29T02:05:20.764715Z",
			"updated_at": "2026-04-10T02:00:03.851829Z",
			"deleted_at": null,
			"main_name": "GOLD WYMAN",
			"aliases": [
				"Silence "
			],
			"source_name": "Secureworks:GOLD WYMAN",
			"tools": [
				"Silence"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "88e53203-891a-46f8-9ced-81d874a271c4",
			"created_at": "2022-10-25T16:07:24.191982Z",
			"updated_at": "2026-04-10T02:00:04.895327Z",
			"deleted_at": null,
			"main_name": "Silence",
			"aliases": [
				"ATK 86",
				"Contract Crew",
				"G0091",
				"TAG-CR8",
				"TEMP.TruthTeller",
				"Whisper Spider"
			],
			"source_name": "ETDA:Silence",
			"tools": [
				"EDA",
				"EmpireDNSAgent",
				"Farse",
				"Ivoke",
				"Kikothac",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Meterpreter",
				"ProxyBot",
				"ReconModule",
				"Silence.Downloader",
				"TiniMet",
				"TinyMet",
				"TrueBot",
				"xfs-disp.exe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439104,
	"ts_updated_at": 1775792128,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2cd48c03de391dcdfe25c29240c97b979cdc9e93.pdf",
		"text": "https://archive.orkl.eu/2cd48c03de391dcdfe25c29240c97b979cdc9e93.txt",
		"img": "https://archive.orkl.eu/2cd48c03de391dcdfe25c29240c97b979cdc9e93.jpg"
	}
}