It has been reported that the Department of Information Resources (DIR) has confirmed that the state of Texas has been responding to a cyber-attack that has affected at least 23 government agencies. Details are at a minimum at the moment as the Department of Information Resources (DIR) leads the response and investigation into the attacks. Texas released a brief notification advising affected local jurisdictions to call the state’s Division of Emergency Management for assistance. The attacks started in the morning of August 16 and based on the collected evidence appear to have been conducted by a single threat actor.
The latest development to this hack is that the hacker is now demanding a collective ransom of $2.5 million. The names of all the municipalities impacted by the attack remain undisclosed, but two of them announced the hit publicly. Ransomware incidents have increased lately in the U.S., and the government sector is a frequent target. And it makes sense when more and more administrative entities decide to pay the ransom, which may get as high as half a million dollars.
While our data shows a decline in general purpose ransomware, targeted ransomware has become a powerful weapon against state and local municipalities who often have underfunded and understaffed information security programs. This makes them relatively soft targets for attackers who are selecting victims to maximize their probability of payment.
Its too easy to demand and receive ransom payment without the risks associated with traditional data ex filtration. Until organizations are serious about ransomware protection, these types of wide-reaching ransomware attacks will, unfortunately, continue.
As we’ve witnessed across K-12 school districts and municipalities this summer, ransomware attacks are highly disruptive, said Conner. Today’s citizen-centric environments — networks that spread across city hall, law enforcement agencies, court houses and the DMV — can be compromised in minutes. Everyday operations are then held for ransom at high costs.
US government bodies have recently been a major target for ransomware attackers as they have been seeing huge pay outs from their attacks, with numerous governments giving into attacker demands and reportedly paying ransoms.
It is therefore not surprising the attackers in this incidence are demanding such a huge amount of money – if it worked with previous government agencies, why should it work again?
However, it generally is never recommended to pay ransom demands as this only fuels the industry. Instead the best defence against ransomware is a comprehensive security program that protects against known threats and malicious intent or behaviour. Companies and governments have an obligation to protect themselves and their citizens or customers from ransomware attackers. Protecting data assets should now be considered a key component of national defence.
Different forms of cybercrime go in and out of fashion according to how effective they are at any given moment. Recently, ransomware targeting smaller local government entities has proven to be a profitable endeavour, hence the rise in this type of attacks.
Another element granting popularity to this type of attacks is that they are relatively low cost and easy to pull off, especially when the target isn’t a large enterprise with the resources to protect its entry points, patch regularly and train its employees on email hygiene best practices. It is important to use the coverage that these attacks are gaining on the media to promote cybersecurity awareness among local governments and SMEs, which, regardless of their size, should realise that they are still potential targets and should therefore move cybersecurity at the forefront of their agenda; sometimes, even just ensuring that employees are prepared to recognise the signs of a phishing email can be what makes the difference between having to pay a ransom and a diverted security incident.
Attacking local governments poses great potential for hackers. In addition to the regular “hacker\’s benefits” of gaining access to customer data, an attacker who penetrates a city\’s system may get access to sensitive residents information. Depending on the IT structure of the targeted local government, hackers can have an impact on multiple systems, beyond just customer information databases. From an attacker\’s perspective, the potential in hacking a city is much higher than the potential in hacking a commercial organisation.
In addition, local governments tend to communicate with a wide variety of businesses and individuals, with many of them being one time contacts. This makes them more vulnerable to attacks, as their employees don\’t know most of the contacts with whom they communicate in person.
Moreover, when it comes to cities in the U.S, many of them are comprised of multiple departments and units, using various technological platforms, policies, and processes. This structure may make it more difficult for the security team to protect each and every endpoint.
To summarise, cities offer a great opportunity for hackers, who look for easy targets showing high potential. Therefore, it is no surprise that most of the top 25 U.S. cities have cyber-insurance or are looking to buy a policy, according to The Wall Street Journal.
Cities should be more aware of the risk, train their employees and constantly update their systems with security updates and patches. They should also get familiar with the latest development in cybersecurity to ensure they are not lagging behind in this cat and mouse race of cyberattacks vs cybersecurity solutions.