Is the Texas ransomware attack the tip of the spear?
- By Susan Miller
- Aug 22, 2019
The coordinated ransomware attack that hit 22 local governments in Texas illustrates the bind small agencies are in when it comes to defending against sophisticated attacks.
The attack began the morning of Aug. 16, when more than a ransomware attack was reported by more than 20 entities, the majority of which were smaller local governments. The attackers demanded $2.5 million to decrypt the files. The Texas State Operations Center was activated and is working along with other state, federal and university response teams.
Officials said the attack appears to be the work of a single actor and that no state systems were affected.
None of the affected jurisdictions have been officially identified yet, but a report in Ars Technica identified five of the victims: Lubbock County and the cities of Borger, Kaufman, Keene and Wilmer. Wilmer, Texas reported that files in its police department, water department and public library were encrypted by the ransomware.
On Aug. 20, the Texas Department of Information Resources, which is leading the response to the attack, said responders had engaged with all affected entities to assess the impact to their systems and bring them back online. By then, more than 25% of the victims had "transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual," DIR officials said.
Keene Mayor Gary Heinrich told NPR the hackers broke into the IT systems by way of a contractor that he said also supports many of the other municipalities targeted.
"They got into our software provider, the guys who run our IT systems," Heinrich said. "A lot of folks in Texas use providers to do that, because we don't have a staff big enough to have IT in house."
Ransomware attacks on governments have become more common as hackers realize their IT offices are often under resourced, having neither the skilled staff or funds to keep up with best practices to address vulnerabilities and defenses. They also tend to rely older equipment and software that is no longer supported by the manufacturer.
In the last few years, Baltimore, Atlanta along with agencies in Connecticut and many smaller cities like Florida’s Lake City and Riviera Beach have been hit.
Although the costs of recovery can be high – the attack on Baltimore reportedly cost the city in excess of $18 million between lost or delayed revenue and direct costs to restore systems – the majority government officials say they'll not pay ransom to hackers. Some cities with cyber insurance have paid, however, and some decryption firms pay ransoms, get the decryption key and pass the costs along to clients.
In July, the U.S. Conference of Mayors resolved to stand "united against paying ransoms in the event of an IT security breach."
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at firstname.lastname@example.org or @sjaymiller.