[BreachExchange] Hackers breach 20 Texas government agencies in ransomware cyber attack

Destry Winant destry at riskbasedsecurity.com
Mon Aug 19 10:10:18 EDT 2019


State officials say they are responding to a coordinated ransomware
attack that has affected at least 20 government agencies throughout

The state's Department of Information Resources is leading the
response to the breach, assisted by the Division of Emergency
Management, the department said in a news release posted Friday.

With assistance from the Texas Military Department and Texas A&M's
Cyberresponse and Security Operations Center, the information
resources department is deploying resources to those jurisdictions
most seriously impacted, though the state did not specify where they

"Further resources will be deployed as they are requested," the department said.

According to Newsweek, hackers have in recent years adoptedransomware
attacks as a preferred extortion method, especially among municipal
entities. By planting malicious code inside agencies' information
systems, digital intruders are able to exploit relatively
unsophisticated or out-of-date cyberdefenses and inhibit computer
access, the magazine said.

Affected users are then asked to pay a ransom — almost always in
mostly untraceable bitcoin — to regain control of their systems.
However, whether Texas officials had been asked to do so was unknown.

In 2016, global ransomware attempts rocketed to 638 million from just
4 million the year before, according to SonicWall, a Santa Clara,
Calif.-based network security firm.

"Ransomware really wasn't an issue two years ago," SonicWall CEO Bill
Conner said in a 2017 Dallas Morning News story. "It's a huge one now.
It's the wild, wild west of the cyber arms race."

At the time, the company had created a heat map of data hijackers'
favored locations that showed Dallas, Austin, Houston and San Antonio
in the crosshairs.

"Everyone knows that Texas is rapidly growing with new businesses,
which means there are more companies to feed on," Conner said.

More information about the BreachExchange mailing list