Ransomers are at it again! 23 towns across Texas have been hit with ransomware in a coordinated malware attack. The towns were hit on Friday morning, August 16, and officials reported that while several government agencies had resumed operations, only one city was operational by the following Tuesday, August 20.
Texas Governor Greg Abbott issued a level 2 escalated response alert state-wide later on Friday, signaling that the situation was beyond local responders abilities, and sent security experts to aid affected towns. Federal forces were also called to investigate the attack.
The state of Texas reported that the attack was orchestrated by “one single threat actor,” whatever that means, and said that the attacks were not random, but did not elaborate. One city did come forward to say that the attackers got into their IT software, which is managed by an outside company, and that many of the other affected towns also used the same software.
Officials have declined to reveal which cities were involved, but said that the ransomware attack affected only agencies in these local governments, and not entire government networks. However, two cities (including the one mentioned above) have come forward. Reene, Texas, said they are unable to process their citizens’ utility bills. Reene’s Mayor, Greg Heinrich, told NPR, “just about everything we do at City Hall is impacted.” Citizens of Borger, Texas, are also unable to pay their utility bills online, as well as access birth and death certificates. Borger reported that the ransomware attack affected city business and financial operations.
Heinrich also told NPR that the hackers were asking for $2.5 million collectively; it is unknown at this time whether any cities have paid.
An analyst from Recorded Future, Allan Liska, said, “We haven’t seen this kind of coordinated ransomware attack against municipalities before. We have seen attackers that will go after local governments, but sequentially.” Liska is adamant that this attack is one of (if not the) first coordinated cyber attacks on municipalities.
There is a concern that this attack may be a turning point for cybercrime in the future; Liska said, “If this turns out to be a new phase — because bad guys love to copycat each other — we’re going to see a continued acceleration of these kinds of attacks.”
This story is among many this year, including the attacks at the beginning of the summer on three Florida cities. In 2019 alone, there have been at least 49 orchestrated ransomware attacks on municipalities, including the attack in Texas. Counting the cities from this most recent attack individually would raise that number to 71 ransomware incidents, making 2019 well on it’s way to doubling the number of ransomware attacks in any previous year.
The lesson here is: be prepared and get protected. With the rise in Ransomware attacks on municipalities, the CISA has released a statement, urging governments and businesses to take the necessary steps to protect their data. Check out the full statement here. The first, most important step to data protection that your city or business can take is to start backing up your data, and protect those backups. Talk to a Fibernet representative about backup services we recommend. As for the other steps? Fibernet’s Managed IT services can help!