Early on August 16th, a total of 23 local government organizations in Texas were hit by a coordinated ransomware attack. The type of ransomware has not been revealed, and Texas officials asserted that no state networks were compromised in the attack. A mayor of one of those cities said the attackers are asking for $2.5 million to unlock the files. The attacker, whose identity is still unknown at this point, appears to have specifically targeted municipalities that are too small to have their own IT departments.
Most hacker bait tends to come in the form of a seemingly benign email with links or attachments that, once opened, can infect a system. There are other popular ways of tapping into networks, such as through remote desktop systems, which can be vulnerable to hackers.
How did this particular event in Texas go down?
“They got into our software provider, the guys who run our IT systems,” Keene Mayor Gary Heinrich said. “A lot of folks in Texas use providers to do that, because we don’t have a staff big enough to have IT in house.”
This is essentially a case of vendor compromise; instead of attacking 22 different localities, the hackers appear to have simply compromised one government IT contractor and gained access to all of their clients. This brings up an important question… In today’s age, many software and hardware systems are housed off-premise with vendors and data hosts. Are you sure that they aren’t the weak point in your cyber security?
This continues what has been a particularly brutal year for ransomware thus far. While opportunistic attacks against consumers appear to be down from last year, with a modest 116 percent increase in customer ransomware incidents, attacks against businesses and governments are up by 365 percent.
In July, the US Conference of Mayors reported that there have been 22 ransomware attacks on city, county, and state governments in the first six months of 2019. Those attacks include the notable Ryuk attack that hit Georgia’s court system and then Georgia’s state and capitol police back in July.
Sometimes local governments see no other option to restoring their crippled networks than paying a ransom demanded by hackers. In Lake City, Florida, a town of about 12,000 residents, officials paid $460,000 in the form of bitcoin. The ransom was paid by insurance, but taxpayers were still on the hook for a $10,000 deductible.
We will see how these Texas malware attacks are handled – but in the meantime, are you sure your vendor(s) are not a weakness to compromising your company’s security? Curious where to start? We can point you in the right directions – talk to ISM today!