More than 20 local government agencies and institutions in Texas have reported that on August 16, 2019, a coordinated, massive, ransomware attack has affected their computers.
Officials refuse to reveal the type of ransomware attack that targeted 23 organizations. The majority of which are small governments in Texas, stating that immediate response was initiated — the same morning of the attack.
No state network was compromised during the attack, even though the intention and form of the attack remained unclear.
A spokesperson from Texas Department of Information Resources, or TDIR, said in a statement that the agency could not reveal any further details regarding the attack, nor can they confirm the type of attack that has targeted government agencies.
What is confirmed, however, according to the update posted by the Department of Information Resources of Texas, is that all the attacks came from one source.
It is still unclear if any of the government agencies succumb to the ransomware and the hacker’s ransom demand. “Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time,” read the DIR’s post.
“It appears all entities that were actually or potentially impacted have been identified and notified.”
Department of Information Resources of Texas said that they commission the help of different state and private agencies to respond to the ransomware attacks, such as:
- Texas Department of Information Resources
- Texas Division of Emergency Management
- Texas Military Department
- Texas A&M University
- System’s Security Operations Center/Critical Incident Response Team
- Texas Department of Public Safety
- Computer Information Technology and Electronic Crime (CITEC) Unit
- Cybersecurity, Intelligence, and Counter-Terrorism
- Texas Public Utility Commission
- Department of Homeland Security
- Federal Bureau of Investigation – Cyber
- Federal Emergency Management Agency
- And other Federal cybersecurity partners are all working together to investigate and respond to the threat and bring the affected systems back online.
Ransomware is a type of cyberattack where the threat actor infiltrates a system or a computer and usually encrypting all the files, so they become inaccessible to the victim, and then demand a ransom for the decryption key.
Ransomware attacks vs. government offices and businesses
Texas is the latest state affected by a series of brutal ransomware attacks against U.S. government agencies and city agencies in the past few months. In April, social services in Albany, New York was paralyzed after a threat actor sent ransomware to the city government’s computers.
The said attack on Albany, New York has put several social services like issuance of birth certificates, death certificates, and marriage certificates in halt.
Another series of ransomware in Arizona back in April has forced several businesses to lose millions of funds in an attempt to contain the impacts of the ransomware.
Norsk Hydro, one of the biggest aluminum producers worldwide, was previously forced to shut down a part of its manual operations because of a cyberattack that targeted its computer systems and internal servers. Investigation on the attack revealed that the company was attacked by a LockerGoga ransomware.
“Hackers are starting to exploit those gaps in companies of all sizes and industries. The problem is no longer exclusive to large corporations or data-rich organizations. The tools hackers use are cheap, easy to find, and simple to use, which makes hacking for fun or profit easier than ever,” said cybersecurity expert Spencer Callaghan.
Furthermore, ransomware attacks are not only affecting US government institutions and business. In a new report, it was revealed that the ransomware attack also affects other industries in different countries around the world.
IBM’s X-Force IRIS incident response team published new research that talks about the different cybersecurity incidents they have assisted in the past year. Their results reveal that there was an increase of 200 percent in the number of malicious malware incidents that the company has assisted within the first half of 2019 (January to June) when compared to the second half of 2018 (July to December).
Interestingly, half of the case that the cybersecurity firm assisted in the first quarter of 2019 are from the manufacturing industry. Other sectors affected destructive malware include oil & gas and education and from countries in Europe, the United States, and the Middle East.