Pierluigi Paganini August 22, 2019

Crooks behind the attacks against Texas governments are now demanding $2.5 million to allow victims to access encrypted data.

The cybercriminals behind the wave of attacks that hit 23 Texas governments are now demanding $2.5 million to allow victims to access encrypted data.

The attacks started in the morning of August 16 and security experts investigating the incidents believe that it was a coordinated attack carried out by a single cyber crime gang.

Initially, it was said that at least 23 local government organizations were impacted by the ransomware attacks. The Department of Information Resources (DIR) is currently still investigating them and providing supports to mitigate the attacks, anyway evidence continues to point to a single threat actor.

The State Operations Center (SOC) was the attacks were detected.

According to the Texas Department of Information Resources (DIR) the number of impacted towns has been reduced to 22.

“As of the time of this release, responders have engaged with all twenty-two entities to assess the impact to their systems and bring them back online.” reads an update provided by the DIR.

“More than twenty-five percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.”

The city of Keene confirmed the attack and announced it is working with law enforcement to resolve a cyber incident.

Another of the towns hit by the ransomware attack, the City of Borger, confirmed that business and financial operations and services were impacted, although basic and emergency services continued to be operational.

“On the morning of August 16, 2019 the City of Borger was one of more than 20 entities in Texas that reported a ransomware attack.” reads the press release published by the City of Borger.

“Currently, Vital Statistics (birth and death certificates) remains offline, and the City is unable to take utility or other payments. Until such time as normal operations resume, no late fees will be assessed, and no services will be shut off,”

Keene Mayor Gary Heinrich told NPR the attackers are asking for $2.5 million to unlock the files.

“Well, just about everything we do at City Hall is impacted” Heinrich said.

“They got into our software provider, the guys who run our IT systems. A lot of folks in Texas use providers to do that, because we don’t have a staff big enough to have IT in house.”

Unfortunately, ransomware attacks are a big problem for US Government and City Offices, recently some cities in Florida were victims of hackers, including Key Biscayne, Riviera Beach and Lake City.

In June, the Riviera Beach City agreed to pay $600,000 in ransom to decrypt its data after a ransomware-based attack hit its computer system. A few days later, Lake City also agreed to pay nearly $500,000 in ransom after a ransomware attack.

In July 2018, another Palm Beach suburb, Palm Springs, decided to pay a ransom, but it was not able to completely recover all its data.

In March 2019, computers of Jackson County, Georgia, were infected with ransomware that paralyzed the government activity until officials decided to pay a $400,000 ransom to decrypt the files.

The list of ransomware attacks is long and includes schools in Louisiana and Alabama.

Pierluigi Paganini

(SecurityAffairs – Texas, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]