Twenty-two Texas local governments are now striving to recover from the coordinated ransomware attack recorded as the first one to hit the public sector. Texas state officials reported the attack by Sodinokibi (REvil) ransomware on August 16th. The State immediately deployed resources to the jurisdictions that were severely impacted.
Responders are now working with all 22 entities to analyze the impact of the attack on the systems and bring them back online. The state response involves cybersecurity personnel from the Federal Emergency Management Agency, F.B.I., Intelligence, and Counter-Terrorism, and Texas A&M University System’s Security Operations Center.
On August 20th, updates emerged stating that over 25 percent of the impacted entities had transitioned from assessment and response to remediation and recovery. It was also reported that several entities had resumed normal operations and that the State of Texas networks and systems were not impacted.
Attack Unrolled Through the Managed Service Provider
The DIR revealed that the nature of the attack points toward one threat actor. NPR reported a collective ransom demand of $2.5 M to restore the systems. As a consequence of this attack, twenty-two Texas municipalities, largely in rural areas, were crippled in terms of key city services such as printing of identity documents and payment processing.
The attackers seem to have targeted municipalities too small to have their own I.T. departments. This is being deemed the largest coordinated ransomware attack on a government.
NPR reported that the attackers broke into the information technology software used by the city and managed by an outsourced business, which also supports other targeted municipalities. Many of the targets use the services of the outsourced company, a managed service provider, as they lack the resources and the staff to perform I.T. operations in-house.
These details indicate this is a case of vendor compromise. The attackers compromised one government I.T. contractor to gain access to all of their clients’ data quickly.
Ransomware: a Common Challenge for Government Entities
It looks like this year attackers have decided to focus on government entities for attacks. States such as Georgia, Maryland, and Florida were affected by ransomware this year, having to pay out hundreds of thousands of dollars and losing millions.
A Florida city agreed to pay a ransom of $600,000 to attackers to unlock its data, while a city in Baltimore got robbed of over $18 M in ransom. Hackers now know that government entities function under tight budgets, especially in rural areas. And this is the weak link they have decided to exploit.
Malwarebytes reports that such attacks on government agencies have increased 365% in the past year. Cybersecurity is only as strong as the underlying funding, and smaller towns and cities often get left behind.
Cybercriminals love easy targets and poorly defended systems. These cities make for a tempting target as they still have the required revenue to fulfill ransom demands after an attack. Barracuda research revealed that over 50 cities and towns became victims of cybercrimes in the first half of this year alone. Two-thirds of over 70 ransomware attacks in the U.S. focused on state and local governments.
Out of the towns hit by ransomware attacks, only a few choose to pay the ransom. Barracuda’s report shows that of the 50 municipal attacks over six months, only three towns paid the ransom. Others chose to fight the invasion and lost millions in doing so.
Are We Ransomware-ready?
An I.B.M. Security and Morning Consult survey found that nearly 60 percent of respondents are against their local governments using their tax dollars to pay ransoms in such cases. An overwhelming 90 percent of U.S. citizens said they are in favor of increasing federal funding to improve cybersecurity in cities.
Hackers today carefully pick out targets who have cybercrime insurance, as these are the ones more likely to pay out. Given the amount of effort, risk, and time needed to fix a ransomware attack, these crimes seem naturally lucrative to attackers.
However, there is a serious need for government agencies and other businesses to elevate their preparedness. Practices that can make any organization ransomware-ready include Application Security, Network Security, Cloud Security, Employee Awareness Training, Blockchain Security, and full-fledged security orchestration.
At WeSecureApp, we help businesses understand what stands as their top priority in ensuring the security of their data and applications. We help organizations see the gaps in their security arrangements and then work with them to plug those loopholes before attackers do.
Cybersecurity is a long-term approach that does not finish after one successful assessment. WeSecureApp can be your partner in keeping your data and applications secure while earning and retaining the trust and loyalty of your customers.
Most of cybersecurity lies in the details and in maintaining consistent I.T. hygiene, as most attackers exploit well-known vulnerabilities in systems.