VLCM Blogs - Learn How To Get IT Right

'Coordinated Ransomware Attack' in Texas Hits 23 Local Governments - from BLEEPINGCOMPUTER

Written by Joseph Warner | Aug 19, 2019 3:33:29 PM

"The continued scourge of ransomware attacks targeting municipalities across the United States continues.  This time, 23 confirmed attacks reported last week by entities in Texas.  VLCM recommends that local municipalities and other entities in Utah should stay informed, remain vigilant and follow previously-released guidance from the US Cybersecurity and Infrastructure Agency (CISA), Multi-State Information Sharing and Analysis Center (MS-ISAC), National Governors Association (NGA) and the National Association of State Chief Information Officers (NASCIO) in order to prevent attacks."

Originally posted on BLEEPINGCOMPUTER

Texas is currently fighting an unprecedented wave of ransomware attacks that has targeted local government entities in the state, with at least 23 impacted by the attacks.

Details are at a minimum at the moment as the Department of Information Resources (DIR) leads the response and investigation into the attacks. Texas released a brief notification advising affected local jurisdictions to call the state's Division of Emergency Management for assistance.

23 may not be the final count

The attacks started in the morning of August 16 and based on the collected evidence appear to have been conducted by a single threat actor.

The number of confirmed victims is 23 and the department believes that this is how many entities were "actually or potentially impacted;" all of them have been notified.

 

The origin of this attack is currently unknown, but is being investigated by local Texas authorities such as the DIR, Texas Division of Emergency Management, and Texas Military Department.

Also involved in the investigation are federal agencies such as the Department of Homeland Security, Federal Bureau of Investigation – Cyber, and Federal Emergency Management Agency (FEMA).

In its original statement released late Friday, DIR says that while investigations into the origins of the attack are ongoing, their main priority is to assist in the response and recovery of affected entities.

"Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions."

Additional resources will be provisioned if they are requested, DIR added, noting that the Texas Division of Emergency Management (TDEM) is assisting the effort by coordinating state agency support through state's operations center.

DIR is leading the response to what it calls a "coordinated ransomware attack" but does not disclose which organizations are impacted. This is because of security concerns.

Elliot Sprehe, press secretary for the department, told KUT, Austin's NPR Station that DIR was trying to confirm the total number of affected entities.

"It looks like we found out earlier today, but we’re not currently releasing who’s impacted due to security concerns,” Sprehe told the public radio station.

In an updated statement on Saturday, DIR said that the systems and networks of the State of Texas have not been affected by this attack. 

 

Until more details emerge, it remains unclear the strain of file-encrypting malware responsible for the attack and the perpetrator(s) ransom demand.

Hopefully, a proper backup system was implemented and current efforts to restore activity to normal relate only to recover the data from the safe copies.

Ransomware is big in U.S.

Ransomware incidents have increased lately in the U.S., and the government sector is a frequent target. And it makes sense when more and more administrative entities decide to pay the ransom, which may get as high as half a million dollars.

Telemetry data from security company Malwarebytes reveals the the U.S. has been at the receiving end of ransomware attacks more than any other country in the world., accounting for 53% of the global incidents.

In June, cybercriminals demanded and got paid in bitcoins worth a little over $1 million at that time, from just two attacks in Florida.

Organizations in other states have also been hit by ransomware recently: the Town of Collierville in Tennessee, Onondaga County libraries in New York, Henry County in Georgia, school districts in Louisiana and Alabama.

The map below shows file-encrypting incidents impacting medical, educational and government organizations across the US:

 

 

What all these attacks should have in common is a backup restore procedure and not paying the cybercriminals.