Texas Cities under Attack
Updated: Sep 8, 2019
Up to 23 Texas entities – the majority of which are local governments – were hit by a ransomware attack on Friday that Texas officials say is part of a targeted attack launched by a single threat actor.
Details remain scant about the specific agencies hit by the ransomware attacks, which began on the morning of Aug. 16, as well as which systems are impacted. However, the Texas Department of Information Resources (DIR) as of Saturday night did say that responders are actively working with all 23 entities to bring their systems back online, and that the State of Texas systems and networks are not impacted.
“Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions,” according to the DIR in a statement on its website. “Further resources will be deployed as they are requested.”
The Texas DIR denied comment to Threatpost when questioned about the specific entities impacted “due to security concerns,” except to say that “they were smaller, local governments.”
The DIR also did not comment on which systems are down, how systems were first infected, and the specific amount of ransom. Threatpost also reached out to representatives from Dallas, Houston and Austin for comment on whether they were impacted by the attack. While representatives from Dallas and Austin have not yet responded, a spokesperson from Houston told Threatpost that “as far as we know, Houston has not been affected.”
“The city of Houston is aware that a ransomware attack has affected several local government agencies throughout Texas,” according to a statement sent to Threatpost. “We are in contact with the Texas State Operations Center and will monitor the latest developments….The Mayor’s Office of Homeland Security and the IT Services Department will continue to proactively work to secure and protect the city’s assets.”
The DIR said that at this time, evidence gathered indicates the attacks came from one single threat actor.
Allan Liska, threat intel analyst with Recorded Future, told Threatpost that the attacks signify an important shift in the ransomware attack model. Typically, state and local governments have been “targets of opportunity” for ransomware attacks – with the gangs behind Ryuk and SamSam appearing to stumble onto previous state and local governments targets. However, this incident appears to be the first where a string of governments were actively being targeted in an attack.
“This is the first time there’s been an attack against several local governments in a state… this is big, it’s a game changer,” Liska told Threatpost. “This will change the model going forward [for attackers], and that will be a problem for governments.”
Continue reading the remainder of this post here at ThreatPost.COM