Last week 22 local governments in Texas were hit with a crippling coordinated ransomware attack. Now many municipalities are still struggling to restore services, highlighting how vulnerable government bodies are to cyber-attacks.
Currently, the Texas Department of Information Resources, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions.
Along with Texas state departments, the FBI, Department of Homeland Security and the Federal Emergency Management Agency are reportedly assisting in both the investigation into the ransomware attacks and the recovery from them.
Lubbock County was attacked and seemingly handled it very well. The City of Borger had to enact its continuity of operations plan after many of its services were crippled in the attack. The City of Kaufman has also publicly disclosed that they were hit by the ransomware.
The hardest-hit government appears to be the City of Wilmer, a town of approximately 3,600 in Dallas County. A report by the local CBS station said that Wilmer’s police department, water department, and public library were affected, and that city workers were greeted by a blue screen with the message “all your files are encrypted.” when they turned on their computers.
Specific details regarding the attack have not been disclosed by the Texas Department of Information Resources, the entity coordinating the response. However, some of the municipalities have publicly acknowledged they were attacked.
No official details of the type of ransomware attack used have been released. However, ZDNet, citing an unnamed source, said the ransomware encrypts files and then adds the .JSE extension to the end. The ZDNet report speculates the ransomware strain might be Nemucod. But others have speculated that it may be Locky, a fairly famous strain of ransomware that adds .JSE to encrypted files and that’s.
Locky, first noticed in 2016, encrypts files and makes a ransom demand, usually for payment in bitcoin. Historically, Locky has been distributed primarily via email, but over the years other tactics have been used, including a huge phishing campaign in April.
The local governments in Texas are not the first in the U.S. to be targeted by ransomware. In June, several local governments in Florida paid the ransom demand, setting a very bad precedent that just makes small municipal governments more desirable targets for hackers.
Bob Wilson, a researcher at BroadBand Landing, said, “...[T]hese attacks will come more frequently as the technology becomes easier to access and municipalities cave and pay out the fines. In Lake City, Florida, taxpayers only paid $10,000 and insurance covered the rest of the ransomware payout. $10,000 is almost certainly less than the cost of recovering from a hack like this.”
Wilson also said most of the vulnerability to hacks like these comes from people, not systems, saying, “While computers are susceptible to a narrow attack vector, no amount of security software on any device can beat a human who opens the door for ransomware.”
He added, “Most hacks are the result of social engineering. One person opens an attachment they shouldn’t have or plugs in the thumb drive they shouldn’t have. Picture a city manager getting an email with the subject ‘Proof of what you did’ — do you think that person is going to the IT department before opening an attachment?”
This is a grim image of the new reality, where unknown hackers can take down a city’s normal operations and be paid off because it’s easier than fixing the problem.
Header Image: aaron_anderer
I go by Bill Wishbone, not the cool one who played for the 49ers. In the interest of full disclosure, I write under a nom de plume. With that said, this is my ethics statement. I will not cover any company I have been employed by within the last two years.
As this news site grows, monetization may well include sponsored posts or affiliate links; these will always be disclosed within the individual post.