Security Trends/Attacks
Arctic Wolf Networks

State and Local Governments in the Cyber Crosshairs—Coordinated Ransomware Attack Cripples 22 Texas Municipalities

In August, a single hacker simultaneously targeted state-run systems in 22 cities across Texas in a coordinated ransomware attack that infected specific government agencies. Among the impacted services were those undertaken in city halls, police departments, and libraries in smaller local governments. Officials are still scrambling to bring their computer systems back online as a federal investigation into the attack continues. It has been called the largest coordinated ransomware attack of its kind and the work of a single threat actor.

Payments, utility accounts, birth and death records, police departments, and other vital services may still be offline in the targeted municipalities, which include Borger, Keene, Kaufman, Wilmer, Bonham, Graham, and Vernon.

A spokesman for the Texas Department of Information Resources declined to say if any of the towns had paid the ransom. However, NPR has reported a collective demand of $2.5 million. In a typical ransomware attack, hackers block access to vital data until their demands are met. Until systems are restored, victims often must resort to pen and paper for operations. This can mean millions of dollars in lost revenue, even if they choose not to pay the ransom.

What Happens During a Ransomware Attack?

Huge ransomware attacks like this can be triggered by the act of a single employee. Email attachments and links that appear harmless can contain malicious code. Older and more complex systems are the most vulnerable, and cybercriminals get increasingly clever and more deceptive with their malvertising bait. Once a computer system is infected with malware it can take weeks, months, or more to regain access, which is incredibly disruptive to government agencies but also capable of putting private firms out of business.

Ransomware attacks continue to surge into 2019. In just the first four months, there were 22 major incidents reported. Some of the most devastating attacks this year alone have paralyzed computer systems in major cities like Atlanta and Baltimore. For these victims, options for mitigation are limited.

Do Victims Always Pay the Ransom?

In some cases, businesses and state-run facilities pay the ransom demand, but it can be financially crippling. Officials in Lake City, Florida paid $460,000 in bitcoin to regain access to their systems. Officials in Riviera Beach, FL, approved nearly $600,000 to pay their ransom. But a threat intelligence firm study (Recorded Future) found that only 17% of local agencies followed the path of these Florida cities and met payment demands. Those who are unable or unwilling to pay may be able to restore their systems from offline backup files. Unfortunately, backup files are often missing, lost, or otherwise unavailable, and the only option is to painstakingly rebuild everything from scratch. Making matters worse: these attacks are often repeated in a series.

Battling—and Defeating—Ransomware Attacks in Sparks, NV

A series of orchestrated attacks targeted the city of Sparks, Nevada, just outside of Reno. As one of the fastest-growing cities in the state, city government officials had essential security defenses in place, but their police department was still being targeted in a series of phishing attacks. They realized that a security operations center (SOC) could provide them with a stronger and more scalable security strategy. Within a week of installation, Arctic Wolf’s SOC-as-a-service delivered the protection they needed against these attacks and other malware-related invasions. The Sparks IT team closed holes in their firewalls and fixed critical ISP issues. In no time, officials in Sparks felt more confident with their systems.

Coordinated attacks can target many entities at once, as we’ve just seen in Texas. But Arctic Wolf’s cybersecurity experts can help prevent vulnerabilities in systems from being exploited by hackers. Arctic Wolf SOC-as-a-service addresses weaknesses in your system by flagging high-priority fixes based on the likeliness of exploitation. And its detection and response capabilities help identify ransomware in affected critical systems so they can be taken offline instantly, mitigating the potential impact.

Learn more about how Arctic Wolf protected Sparks from a spate of ransomware attacks by reading this case study.