Cybercriminals demanding ransom to free up parts of New Orleans area sheriff’s office computer systems

An international cybercrime group is claiming responsibility for hacking the Orleans Parish Sheriff’s Office and holding its tech system for ransom.

Hackers breached the office’s system about three weeks ago, according to a source close to the sheriff’s office, and Louisiana and New Orleans cybersecurity specialists have been in the city trying to resolve the problem. 

The source tells CBS News the office and state are refusing to pay the ransom. There was no word on how much the group is demanding.  

In a post on the dark web obtained by the CBS News Confirmed team the group, called Qilin, says it carried out the ransomware attack.

According to screenshots from the group’s post, Qilin hackers have obtained contracts, inmate intake documents and expense information. The information posted so far doesn’t appear to be sensitive, and the OSPO stresses that no jail security operations have been impacted.

The CBS News Confirmed team found the total volume of the alleged hack is 842 gigabytes — enough to hold 42,000 average-sized 20mb pdfs. 

The sheriff’s office says the attack has affected its “DocketMaster” system, which manages inmate transfers to and from jail for court appearances and manages inmate releases on bail.

One woman in New Orleans, who didn’t want her name published, told CBS New Orleans affiliate WWL-TV she was frustrated after her husband wasn’t released from jail last week even though she paid his bond.

“I have two sons, four and six (years old). They miss their dad,” she said. “I did everything on my end to ensure that he comes home, so I feel like once everything is paid, everything is done, it shouldn’t be no hold up.”

OPSO officials say they’re using a manual workaround of the DocketMaster system outage.

“Out of an abundance of caution and to ensure continuity of service, OPSO has developed a temporary workaround,” a spokesperson wrote in a news release Monday. “Anyone needing information normally accessed through DocketMaster should call Jail Communications at (504) 202-9386 for assistance.”

The source close to the sheriff’s office said the attack stems from malware it got from another law enforcement agency via email.

The FBI warned of increasing malware attacks in March after a media company was attacked in a similar fashion. 

According to a cybersecurity firm called Recorded Future — cyberattacks exposing vulnerabilities are up 16% this year over last and the majority involve malware. And an FBI report says about 5.5% of ransomware incidents in 2023 involved government infrastructure.