Several Local Texan Governments Infected with Ransomware
Update, 8/21/2019: Two Texas towns, Keene and Borger, have confirmed they were among the 23 municipalities hit with ransomware last week. Mayor Gary Heinrich of Keene stated that the attack reached the town's network through its outside security provider. Relying on a third-party security provider is common for small municipalities, which typically lack the staff to manage their own IT needs. It is therefore entirely possible that this one security provider was managing all of the impacted governments. This has not been confirmed, but it would help explain how 23 different entities fell victim on the same day. The ransom demand has also leaked to the public: a whopping $2.5 million to unlock the data of the 23 local governments impacted. At this time, it is unclear whether officials will pay.
Last week, multiple municipal governments throughout the state of Texas found their networks corrupted with ransomware. Although many details are being kept under wraps, we do know that approximately 23 different government entities were impacted.
Ransomware is malicious software that encrypts files across a network, making them inaccessible to its users. The cybercriminals then demand a ransom payment, typically in an untraceable digital currency such as Bitcoin. If victims opt to pay the ransom, the attackers provide a decryption key that is supposed to restore the data.
Several state and federal government entities are working together in an attempt to recover the lost data. So far, the FBI, DHS, and the Texas Department of Public Safety have been confirmed as involved. Several factors remain unknown, including what the ransom demands were, which ransomware variant infected the networks, and how it bypassed the victims' cybersecurity software.
The best way to avoid falling victim to ransomware is to follow these five steps:
- Deploy a security solution that uses application whitelisting, meaning only known, trusted programs are allowed to execute
- Back up data daily, either to an external device or to the cloud
- Keep all third-party applications and operating systems updated
- Complete cybersecurity training so that users are aware of current cyber threats and the red flags that identify them
- Close all unused but still-enabled Remote Desktop Protocol (RDP) ports
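The last step is the one most often skipped, because nobody is sure whether RDP is still in use. The PowerShell script below is an added example, not part of the original article, showing how a Windows administrator can audit a single host for that: it checks whether Remote Desktop is enabled in the registry, whether the built-in "Remote Desktop" inbound firewall rules are on, whether anything is listening on TCP 3389, and whether any RDP logons (Security event 4624, logon type 10) occurred in the last 30 days. It assumes Windows 10 / Server 2016 or later with the NetSecurity and NetTCPIP modules, an elevated session, and that the 30-day window and the `-Remediate` switch are local choices; the lookback period and the remediation policy are assumptions you should adapt to your own environment.

```powershell
# Added example (not from the original article): audit inbound RDP on a Windows
# host and, with -Remediate, disable it when it is exposed but unused.
# Assumes Windows 10 / Server 2016+ (NetSecurity, NetTCPIP modules) and an
# elevated PowerShell session. The 30-day lookback is an assumed policy value.

[CmdletBinding()]
param(
    [switch]$Remediate,
    [int]$LookbackDays = 30
)

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. OS-level switch: fDenyTSConnections = 0 means Remote Desktop is enabled.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$rdpEnabled = ($deny -eq 0)

# 2. Built-in inbound firewall rules for Remote Desktop (TCP/UDP 3389).
$rdpRules  = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue
$openRules = @($rdpRules | Where-Object { $_.Enabled -eq 'True' })

# 3. Is anything actually listening on TCP 3389 right now?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort 3389 -ErrorAction SilentlyContinue)

# 4. Recent use: successful logons (4624) with LogonType 10 = RemoteInteractive (RDP).
#    Properties[8] is the LogonType field of event 4624.
$since = (Get-Date).AddDays(-$LookbackDays)
$rdpLogons = @(
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[8].Value -eq 10 }
)

# Summary the administrator can keep as an audit record.
[pscustomobject]@{
    Host                 = $env:COMPUTERNAME
    RdpEnabledInRegistry = $rdpEnabled
    EnabledInboundRules  = $openRules.Count
    ListeningOn3389      = ($listeners.Count -gt 0)
    RdpLogonsInWindow    = $rdpLogons.Count
    LookbackDays         = $LookbackDays
} | Format-List

# Decision: exposed (enabled and/or firewall open) but unused in the window
# is the "unused but still enabled" case the fifth step tells you to close.
$exposed = $rdpEnabled -or ($openRules.Count -gt 0)
if ($exposed -and $rdpLogons.Count -eq 0) {
    Write-Warning "RDP is exposed but has not been used in the last $LookbackDays days."
    if ($Remediate) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
        $rdpRules | Disable-NetFirewallRule
        Write-Output 'Remote Desktop disabled and inbound firewall rules turned off.'
    } else {
        Write-Output 'Re-run with -Remediate to disable Remote Desktop and its inbound firewall rules.'
    }
} elseif ($exposed) {
    Write-Output 'RDP is in use; restrict it to trusted source addresses or a VPN rather than the whole internet.'
} else {
    Write-Output 'RDP is already closed on this host.'
}
```

Run it once without `-Remediate` to see the audit record, and only apply the change after confirming no one (including the third-party provider mentioned in the update) depends on that access. On a host that legitimately needs RDP, the better fix is scoping the inbound rule to a management subnet or VPN address range instead of leaving it open to every source.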