22 Texas Municipalities Attacked in an unprecedented attack.
Earlier in August, the Texas Department of Information Resources (DIR) confirmed that at least 22 government entities had been attacked by targeted ransomware which had resulted in them being taken offline. In the days following the attack, the Texas Division of Emergency Management, Texas Military Department and the Department of Homeland Security along with others suggested that a single hacker may have been responsible for all of the attacks. At this time, DIR reports that over 25% of the entities affected by the attack are already in remediation and a handful are back up and running.
Catalin Cimpanu at ZDNet states that a local source confirmed the attack was a ransomware that isn’t officially named but some virus scanners detect it as Nemucod. The ransomware “encrypts files and then adds the .JSE extension at the end”. It has been reported that the group has asked for 250 million dollars, but no details were giving if the heads of the organizations who were hacked will pay the ransom. Details past this are vague because this is an ongoing investigation and the State isn’t willing to divulge much of their evidence. There has been pushback on government entities paying any ransom in attacks like this, and many Mayors have signed a pact to never pay ransom. The consensus is local governments have been targeted more often in ransomware attacks because of their lack of adequate funding for cybersecurity making them appealing targets.
At this time DIR reports that over 25% of the entities affected by the attack are already in remediation and a handful are back up and running.
Thankfully no state government sites have been affected by the attack. It seems most of the targeted organizations were local governments.
This isn’t the only time in recent months that state governments have been targeted. In July of 2019 Louisiana had to declare a state of emergency when ransomware was discovered across three different school computer networks which shut down phones and prevented access to critical files. Baltimore had its state sites shut down for weeks for because of ransomware that affected emergency services, building permits and business licenses. These attacks are yet another sobering reminder of the need for robust cybersecurity measures, as well as phishing training throughout all organizations. The spearpoint of any cyberattack is usually a phishing email campaign. Identifying these attack attempts early is key to defeating a bad actor before they breach your network.