An Overview of the Texas Ransomware Attack and What You Can Learn from It
13 December 20, 09:21
Quote:
A Coordinated Ransomware Attack Hit 22 Texas Municipalities in 2019. Here’s What You Can Learn from It.
Ransomware attacks against local government agencies, educational institutions, and organizations in general are on the rise. To prevent them, administrations must learn from past mistakes. This is why the Texas ransomware attack is on today’s discussion board.
In this article, I will go over the events of the Texas ransomware attack, as well as provide a few essential cybersecurity considerations that can be deduced from this very teachable moment in recent cybersecurity history. Curious to see what the Lone Star State learned from it all? Stay tuned until the end.
A Timeline of the Texas Ransomware Attack
In the early morning hours of August 16, 2019, 22 municipalities in the American state of Texas were targeted as part of a coordinated cybercrime operation. The perpetrators behind the attack were identified not as Leatherface and the murderous Sawyer family, but as the REvil or Sodinokibi ransomware gang.
When the Texas ransomware attack occurred, local governments deployed a swift and well-organized response operation that involved more than ten relevant agencies. This has been key to the success of the threat mitigation process in the state. As per an update released by the Texas Department of Information Resources (DIR) on September 5, 2019, the action unfolded as follows:
- On August 16, 2019, more than 20 small local governmental entities in several cities across the state of Texas reported a ransomware attack.
- Later in the morning of August 16, 2019, the State Operations Center (SOC) was escalated to Level II.
- By 7:00 p.m. on August 23rd, 2019, all targeted entities had transitioned from the assessment stage to the remediation one. Business-critical services had also been restored at this point.
- The Texas Department of Information Resources scheduled follow-up visits with all affected local governments to assess the success of the operation.
The same update issued by the Texas Department of Information Resources mentions the subsequent agencies (besides DIR itself) as having supported the incident response efforts:
- Texas Division of Emergency Management,
- Texas Military Department,
- Texas Commission of Environmental Quality,
- Texas Public Utility Commission,
- The Texas A&M University System’s Security Operations Center,
- The Texas A&M University System’s Critical Incident Response Team,
- Department of Homeland Security,
- Federal Bureau of Investigation – Cyber,
- Federal Emergency Management Agency,
- and the Texas Department of Public Safety, namely the departments of:
  - Computer Information Technology and Electronic Crime (CITEC) Unit
  - Cybersecurity
  - Intelligence and Counter Terrorism
Which Texas Cities Were Attacked by Ransomware?
In terms of which Texas cities were attacked by ransomware in 2019, not much is known. Only two have come forward of their own accord in the wake of the Texas cyber attack, namely Borger in the Texas Panhandle and the town of Keene located outside Fort Worth.
Borger
Officials in Borger, a Texan town counting 13,250 residents, have declared that both business and financial operations were affected in the area as a result of the cyberattack. The city was left unable to accept utility payments from any of its citizens. What is more, birth and death certificates were no longer available online due to the system being compromised.
Keene
Similarly, the town of Keene could not process utility payments from any of its 6,100 residents in the wake of the Texas cyber attack. In a statement for NPR, Mayor Gary Heinrich disclosed that hackers demanded a collective ransom of $2.5 million in exchange for government services to be restored in the area.
As per Heinrich’s explanation, the attackers hacked an information technology software that was used by the city of Keene, as well as many of the other targeted municipalities. The system was managed by an outsourced company. The Mayor motivated this widespread choice on account of not having enough manpower to administrate IT in-house.
And the Rest?
A complete list of the affected municipalities has not been made available to the public. As per Texas Department of Information Resources spokesperson Elliott Sprehe, this measure is meant to prevent further incidents targeting already destabilized systems.
Did Texas Cities Pay on the Ransomware?
As reported in the aforementioned update issued by DIR, none of the Texas municipalities targeted by the incident paid the ransom. By detecting the attack early on and assigning the relevant agencies and private sector partners to the case soon thereafter, local governments in the affected cities and counties managed to hold the ransomware infection under control quite efficiently.
What is more, there was no need on their part to pay the ransom and unlock hostage files, as some cities managed to restore the impacted files from offline backups. Other municipalities went as far as to rebuild their networks from scratch to not give in to the demands of the Sodinokibi cybercrime gang.
As a rule of thumb, I recommend that you follow the example set by these Texas cities and never pay the ransom. It’s never a good idea to offer cybercriminals financial benefits at your own expense. Not only do you not have any guarantee you will actually get your data back, but you will also be responsible for further funding their unlawful activities. You really don’t want to be that guy, trust me.
Besides, giving in to the demands of malicious actors can ruin your reputation as an administrative institution. A survey published by IBM around the same time as the Texas ransomware attack found that approximately 60% of American taxpayers were strongly opposed to their local governments using public dollars to pay ransoms.
...