On Saturday, the Texas Department of Information Resources (DIR) revealed that hackers initiated a ransomware attack against 23 municipal computer systems. Investigators determined that “one single threat actor” launched the coordinated cyber-attack. As of this writing, state and federal agencies are collaborating to restore the affected networks.
The organization did not disclose the rogue operators’ ransom demands or which areas of the state they targeted.
The DIR coordinated with several local and federal agencies to address the widespread municipal ransomware attack.
Currently, the office is working with the Texas Division of Emergency Management, the Texas Military Department, Texas A&M University’s Critical Incident Response Team, the Texas Department of Public Safety, the Texas Public Utility Commission, the Department of Homeland Security, and the Federal Bureau of Investigation’s Cyber Federal Emergency Management Agency to resolve the hack.
Though the DIR hasn’t disclosed its progress in dealing with the ransomware program, ZDNet reports that the hackers used a virus known only as “.JSE ransomware.” First detected in August 2018, the malware encrypts users’ files but does not present them with a ransom note. Traditionally, the program is introduced via a Trojan called Nemucod that is initially deployed by a spam or phishing email.
An Escalating Problem
In July, the U.S. Conference of Mayors stated that hackers had launched 22 ransomware attacks against American cities and towns up to that point this year. However, since then, there has been a marked escalation in the scope of America’s municipal cyber-attack problem.
Later that month, Louisiana Governor John Bel Edwards declared a state of emergency after hackers encrypted the computer systems of three local school districts. Subsequently, the Louisiana National Guard dispatched its security experts to aid in the recovery effort.
While the incidence of municipal ransomware attacks has risen throughout 2019, coordinated hacks are a new development. A Wired article offers a possible reason for the escalation: recently, cyber-assaults on cities and towns have been very lucrative.
In March, rogue operators employed ransomware to paralyze the municipal computer systems of Jackson County, Georgia. Local administrators paid $400,000 to regain control of their digital infrastructure. Similarly, in June, hackers launched cyber-attacks against Key Biscayne, Lake City, and Riviera Beach, Florida. Leaders in Lake City and Riviera Beach acquiesced to the hackers’ demands and cumulatively paid them $1.1 million in Bitcoin.
Primary New Targets
Rendition Infosec founder Jake Williams told Wired that these high-profile payouts haven’t gone unnoticed by malicious actors. Furthermore, unlike major cities such as Atlanta and Baltimore, smaller municipalities often give in to ransom demands because they lack the financial resources to easily counter such damaging malware assaults.
As such, unscrupulous hackers now know exactly what kind of digital infrastructure to target to get an easy payday.
As both the scale and frequency of municipal ransomware attacks are increasing, the federal government needs to take action. Local leaders don’t have the resources to deal with a problem this pervasive and sophisticated. Since a single city can spend more than $17 million to recover from a hack, Washington can’t afford to ignore the problem.