[BreachExchange] Texas attackers demand $2.5 million to allow towns to access encrypted data

Destry Winant destry at riskbasedsecurity.com
Fri Aug 23 10:01:53 EDT 2019


The cybercriminals behind the wave of attacks that hit 23 Texas
governments are now demanding $2.5 million to allow victims to access
encrypted data.

The attacks started in the morning of August 16 and security experts
investigating the incidents believe that it was a coordinated attack
carried out by a single cyber crime gang.

Initially, it was said that at least 23 local government organizations
were impacted by the ransomware attacks. The Department of Information
Resources (DIR) is currently still investigating them and providing
supports to mitigate the attacks, anyway evidence continues to point
to a single threat actor.

The State Operations Center (SOC) was the attacks were detected.

According to the Texas Department of Information Resources (DIR) the
number of impacted towns has been reduced to 22.

“As of the time of this release, responders have engaged with all
twenty-two entities to assess the impact to their systems and bring
them back online.” reads an update provided by the DIR.

“More than twenty-five percent of the impacted entities have
transitioned from response and assessment to remediation and recovery,
with a number of entities back to operations as usual.”

The city of Keene confirmed the attack and announced it is working
with law enforcement to resolve a cyber incident.

Another of the towns hit by the ransomware attack, the City of Borger,
confirmed that business and financial operations and services were
impacted, although basic and emergency services continued to be

“On the morning of August 16, 2019 the City of Borger was one of more
than 20 entities in Texas that reported a ransomware attack.” reads
the press release published by the City of Borger.

“Currently, Vital Statistics (birth and death certificates) remains
offline, and the City is unable to take utility or other payments.
Until such time as normal operations resume, no late fees will be
assessed, and no services will be shut off,”

Keene Mayor Gary Heinrich told NPR the attackers are asking for $2.5
million to unlock the files.

“Well, just about everything we do at City Hall is impacted” Heinrich said.

“They got into our software provider, the guys who run our IT systems.
A lot of folks in Texas use providers to do that, because we don’t
have a staff big enough to have IT in house.”

Unfortunately, ransomware attacks are a big problem for US Government
and City Offices, recently some cities in Florida were victims of
hackers, including Key Biscayne, Riviera Beach and Lake City.

In June, the Riviera Beach City agreed to pay $600,000 in ransom to
decrypt its data after a ransomware-based attack hit its computer
system. A few days later, Lake City also agreed to pay nearly $500,000
in ransom after a ransomware attack.

In July 2018, another Palm Beach suburb, Palm Springs, decided to pay
a ransom, but it was not able to completely recover all its data.

In March 2019, computers of Jackson County, Georgia, were infected
with ransomware that paralyzed the government activity until officials
decided to pay a $400,000 ransom to decrypt the files.

The list of ransomware attacks is long and includes schools in
Louisiana and Alabama.

More information about the BreachExchange mailing list