More than 20 government agencies in Texas have been victimized in what looks to be a coordinated ransomware attack.
The attack took place over the weekend, and officials with the Texas Department of Information Resources said that most of the targeted agencies are smaller local government bureaus, though they have not identified which specific agencies have been hit. The officials also have not publicly disclosed which ransomware is involved in the incident or what the ransom demands are.
“On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments. Later that morning, the State Operations Center (SOC) was activated with a day and night shift. At this time, the evidence gathered indicates the attacks came from one single threat actor. Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time,” the DIR said in a statement.
Ransomware began as mostly a consumer threat, with attackers infecting individual victims, encrypting their data and demanding a ransom in order to decrypt it. In the last couple of years, however, attackers have been targeting enterprises and government agencies in an effort to maximize the potential payout for their intrusions. There have been a number of large-scale ransomware attacks on city and state governments recently, most notably the crippling intrusion of the City of Baltimore’s infrastructure in May. The attackers demanded a $100,000 ransom, which city officials refused to pay; the city instead began restoring systems from backups. That process is still ongoing and the city has estimated the attack has cost more than $18 million so far.
Other cities that have been targeted by ransomware have chosen a different path. Two cities in Florida, Lake City and Riviera Beach, both opted to pay large ransoms in order to recover their data. Lake City paid about $500,000 and Riviera Beach paid nearly $600,000.
Baltimore’s network was hit by the RobbinHood ransomware, but there are dozens of individual ransomware variants, most of which can be quite difficult to deal with. Security researchers have been successful in finding weaknesses or decryption methods for some ransomware, but there are many others that have no technical solution available. Law enforcement agencies typically advise victim organizations not to pay the ransom if they’re hit, but organizations without current backups sometimes don’t have other options.
The Texas DIR officials said 23 total agencies were compromised in the current attack, although it does not appear that the State of Texas network itself was hit with the ransomware.