Texas Attacks Remind Us To Back Up And Beware Of Phishing
By: Jim Stickley and Tina Davis
August 21, 2019
You probably heard something about a coordinated ransomware attack on multiple Texas government entities this week (22 as of this writing). Information is still coming in, but what has investigators on edge is that it was extremely coordinated and, so far, appears to have been perpetrated by a single actor, though they don’t yet know who or what that may be. The attacker(s) aren’t asking for pennies either: the ransom they are asking for is $2.5 million. I think we can all agree that’s big, even for Texas.
As of this writing, the breach is ongoing. It began on August 16. It has mostly hit smaller municipalities, but the only ones confirmed so far are Borger in the Texas Panhandle and Keene, which is a small city near Ft. Worth. Officials in Keene said the attackers actually got access via a third-party software service provider. Hiring consultants or third parties is common these days, especially for smaller organizations that don’t have budgets to hire full-time staff to manage IT tasks in-house.
Unfortunately, having others manage important data puts an organization at additional risk. After all, we are depending on others to protect the data, and sometimes they make mistakes. It’s important to thoroughly vet all third-party providers and discuss their security processes and mitigation steps. Work together with them to keep your data as safe as possible. Just keep in mind that there is no guarantee it will stay safe, even with the strictest security policies possible.
Attackers often end up inside a network via phishing lures. They dangle something malicious in an email link or attachment that is opened by an end user. There is no way to avoid successful attacks like that unless employees and staff are aware of the ongoing threats and the techniques used in instances like this. That awareness is the most effective way to keep threats at bay. No matter how many perimeter security products are in place, a clever phishing email will make it through. Then, it’s one click and that user, and subsequently your network, is hooked.
Recently, two Florida towns were hit with ransomware as well. The city of Lake City actually paid $460,000 to the attackers in Bitcoin. For a small community, even the insurance deductible is a big chunk of the budget.
It’s advised never to pay a ransom to get data back. That just encourages more of the same behavior. Instead, keep current backups of important data and separate them from the operations part of the network. If at all possible, keep them separate from the Internet.
This attack triggered a “Level 2 Escalated Response” by the Governor’s office. That means it is significant beyond the level that local responders can deal with. Outside cybersecurity experts are being brought in to help with it, and more details are sure to come.