The attack, which has victimized mostly smaller local governments, is thought to have been unleashed by a single threat actor.
As many as 23 government organizations across Texas are reeling from an apparently “coordinated ransomware attack”, an alert by the Texas Department of Information Resources (DIR) reveals.
The incident occurred last Friday and for the most part affected smaller local governments, reads the alert’s update. The attack appears to have been unleashed by “one single threat actor”, said the agency, before adding that state‑owned systems and networks were spared. The scope of the damage isn’t immediately clear, however, as the DIR stopped short of disclosing much in the way of additional details about the incident.
As a result, there’s no word on which specific entities were hit or which ransomware strain took root in their computer systems. Nor did the DIR say how the simultaneous attack on almost two dozen entities transpired. Other unknowns include the attack’s perpetrator(s), the amount of the demanded ransom, whether paying up has been weighed as an option, and, indeed, how the recovery efforts are progressing.
(Separately, the city of Borger has disclosed that it is one of the victims, whereas National Public Radio has quoted a DIR spokesman as saying that none of the affected municipalities has paid up.)
“Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time,” reads the alert’s update.
Response teams from multiple Texan authorities as well as from federal agencies such as the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are all working on bringing the affected systems back online. The situation prompted Texas Governor Greg Abbott to order a level 2 “escalated response”, which is one step below the highest level of alert – a level 1 “emergency.”
As shown by a recent report by threat intelligence provider Recorded Future, ransomware attacks on state and local governments in the US have been growing at a fast clip. Atlanta, Baltimore and two Floridian cities, for example, have all seen their municipal systems crippled by various ransomware strains. Whereas the first two chose to claw back their systems, Riviera Beach and Lake City decided to pay the ransoms up front, highlighting the tough choices that ransomware victims face.
Just weeks ago, the US Conference of Mayors, which represents more than 1,400 mayors from cities around the country, vowed not to cave in to cyber-extortionists in case their systems are hit by ransomware.
For precautions that organizations in general can take to defend against this type of threat, please refer to Ransomware: Expert advice on how to keep safe and secure. Enterprises, although not only them, may be particularly interested in our comprehensive white paper, Ransomware: An enterprise perspective.
written by Tomas Foltyn, ESET We Live Security