Ransomware attack in Texas targets local government agencies
It appears to have been a coordinated campaign.
Ransomware attacks against local governments are still a clear problem, and Texas is discovering this firsthand. The state has revealed that 23 government entities reported a ransomware attack on the morning of August 16th. Most of these were “smaller local governments,” the Department of Information Resources said, and State of Texas networks and systems weren’t hit.
Texas hasn’t named the institutions so far due to “security concerns.”
Pierluigi Stella, chief technology officer of Houston-based cybersecurity solution provider Network Box USA:
“There’s no hope that our government entities will truly ever be protected against cyberattacks. None whatsoever.
In the private sector, we’re used to doing things as and when needed. If we urgently need something new, we beg, we plead, we do whatever it takes, but we find the money and we acquire it. When it comes to the public sector, however, things aren’t quite the same.
Recently, I had a meeting with the CIO of a city near Houston. We were talking about ransomware and tools to stem off the issue; and at one point, he told me, “Send me the numbers so I can put this in the budget for 2021.” Wait, what? At first, I thought he was either joking, or confused. It’s August 2019, why are you mentioning 2021?
Seeing my perplexity, he proceeded to explain that his budget cycle spanned October to September, and that the budget for 2020 was already full. There was no leeway for him to squeeze anything else in and therefore, he’d only be able to consider security measures to combat ransomware in the next financial year, i.e., October 2020 for the calendar year 2021.
So, in a world wherein hackers come up with something new every single day, and we deploy new protections literally every minute, this city has to wait two years to get something they truly need today, now. Which means that by the time they do get it, it’ll be useless because, you know, hackers would’ve moved onto something new, and the vicious cycle starts all over again.
Is it always this way? Maybe not quite tragically, but in general yes, in the public sector things happen this way all the time. And I personally feel this is the main reason why our cities, states, counties, and federal government seem unable to do anything against cyberattacks. Little wonder – they’re forced to fight a battle with weapons that are obsolete the moment they obtain them. Saying they’re ill-equipped would probably be the understatement of the year.
But cybersecurity moves faster, and it is NOT OK to wait two years to obtain new protection. Public institutions need to realize this isn’t like buying new workstations. This is war, plain and simple. And in war, you don’t go through budgets and boards and approvals. There is none of that bureaucracy and red tape in such instances.
Cybersecurity needs to be approached in that same manner. Government entities must find a way to properly empower someone to make decisions quickly, use the budget as necessary, when it’s necessary, and stay on top of issues as they arise, and certainly not two years later. Unless that happens, this will never be anything but a lost cause.”
Cesar Cerrudo, CTO of IOActive:
“This is just the evolution of cyber attacks on cities. When cyber criminals have a thriving business, what do they do? Of course, they invest in it and put more resources towards it. Cyber criminals have already validated their ransomware business so now they are just scaling up. We predicted this several years ago and this could become the new normal where targeted and coordinated attacks hit city systems. Cyber criminals always go for the easy profit and now they just found a gold mine in US cities, as their systems and infrastructure are clearly not very well protected against cyber attacks. Now a gold rush could be in the making and those unprepared cities will be mined.”
Jamil Jaffer, Vice President for Strategy & Partnerships at IronNet Cybersecurity:
“While we are still learning more about the recent ransomware attack on more than 20 cities in Texas, what appears to be unique about this attack is the targeted nature and scale of this attack, focusing simultaneously on a number of smaller cities to seek to extract some benefit for the attackers, likely in the form of revenue.
This attack takes place in the context of a steady rise in ransomware attacks against smaller companies and governments—with estimates ranging from a 2x to 4x increase in attacks in recent years—and with exponentially larger damage being caused and revenue being extracted.
Part of the challenge is that smaller organizations tend to be more constrained in their ability to detect and respond to these types of cyber threats, making it all the more important that they work closely with one another, sharing potential threats in real-time to identify new attack patterns and behaviors before the next major attack takes place.
With more and more of these attacks taking place, and impact and costs increasing dramatically, creating a common operating picture of the threat environment—essentially a radar picture of cyberspace—will be critical to scaling the defense to meet the threat, because left to their own devices, individual companies and governments are going to find it extremely hard, if not impossible, to keep defending themselves against committed attackers, whether they are nation-states, criminal hacker gangs, or others simply taking advantage of the advanced capabilities that are increasingly available on the Internet.”
“With new and more advanced strains of ransomware constantly evolving, no organization is immune from attack, even if antivirus scanners are fully patched and kept up-to-date. The first step for preventing attack is mandating basic awareness training for employees (i.e., don’t click on attachments or links from suspicious emails or sites). Sooner or later though, a breach is bound to happen. The difference between organizations that survive and thrive in the face of attack and those that suffer exorbitant costs (in both money and downtime) comes in the form of a simple, yet often overlooked, tool: a cost-effective, easy-to-install, and easy-to-monitor backup and recovery solution that works on both modern and legacy systems. Conducting routine backups that are stored both on-site and off-site enables organizations to restore ransomware-infected systems to their pre-breach state in just minutes.
A resilient and reliable backup and recovery solution also negates the need to pay ransom. Paying a ransom not only makes your organization a target for future attacks – it also does nothing to guarantee you’ll regain access to your encrypted data. The US Conference of Mayors passed a resolution this year opposing ransomware payments. It’s high time the rest of the US public sector took a similar stand.
The latest headlines from Texas show bad actors aren’t slowing down – 23 cities in one shot! Unfortunately, we’ll keep seeing headlines like this until organizations take control of their own data protection and implement the simple steps necessary for stopping ransomware attacks in their tracks. Until then, let’s see which state (or county, or public school system, or police department… the list goes on) is next.”
Michael Covington, VP of Product Strategy at Wandera:
“Coordinated ransomware attacks are a natural evolution of the tactics being used against state and local governments. Over the past 6 months, we have seen an increase in the number of budget-stretched organizations being targeted by this particular type of malicious software.
Ransomware is particularly successful when it impacts critical services that aren’t prepared to fight a battle on multiple fronts; it’s often easier for the victims to pay the ransom than staff up for the necessary security investigation and response. By attacking these 23 cities at once, the attackers are trying to overwhelm the IT responders and force a big pay-out.
Combating these coordinated attacks is going to take action at the state and federal level. I’m hopeful the Texas DIR is able to offer the necessary resources to support the impacted cities so they can maintain critical services and decline the ransom payment.”
Kowsik Guruswamy, CTO of Menlo Security:
“Everybody knows that ransomware attacks happen by email or some malicious download, and yet we see stories like the Texas coordinated attacks again and again. The deep dark secret seems to be that the most advanced security products cannot prevent ransomware, but nobody wants to talk about it. The reality is that security products are flawed, and ransomware attacks like this are proof that the security industry needs to change its approach.”