The Texas Department of Information Resources (DIR) recently reported that the systems of 22 organizations in the state, mainly smaller local governments, were affected by ransomware attacks that transpired last Saturday, August 17. The attacks, according to DIR, appeared to be coordinated, with the evidence gathered so far indicating that the attacks were initiated by a single threat actor.
In a statement, the DIR said, “Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions. Further resources will be deployed as they are requested.”
The affected organizations and the ransomware family involved in the attack have not been disclosed as of this writing. DIR, however, said that the affected agencies had already been notified and that incident responders were actively working to bring their systems back online. DIR also clarified that the ransomware attack did not affect the state of Texas’ systems and networks.
Ransomware attacks, particularly against public agencies and municipal organizations, have gained traction recently, as demonstrated by the spate of incidents over the past months. Baltimore, for example, incurred financial losses of US$18.2 million after the systems used in the city’s government offices were affected by RobbinHood, the same ransomware variant that knocked the public systems in Greenville, North Carolina offline. Indeed, these kinds of attacks have become so severe that operators of Ryuk, for instance, were able to wring US$460,000 from officials in Lake City, Florida after the malware disrupted the city’s systems.
The success of these seemingly targeted ransomware attacks is most likely spurred by the way these ransomware families also perform malicious routines apart from file encryption. Ryuk, for example, is also capable of rendering systems unbootable, while others like NamPoHyu Virus and MegaCortex target servers and networks. Cybercriminals targeting mission-critical systems or online infrastructures used to provide public services are banking on the significant, real-life impact of their malware to intimidate victims into paying the ransom.
Ransomware doesn't just result in financial losses; it also adversely affects an organization’s operations and reputation. In DIR’s statement, for instance, the costs for dealing with ransomware at the county level in Texas were estimated at US$3.25 million. It’s thus paramount that organizations strengthen their security posture against ransomware, which includes:
Keeping the system, network, servers, and programs/applications updated and patched (or using virtual patching for legacy and embedded systems or software)
Enforcing the principle of least privilege to reduce the attack surface, such as securing the use of system administration tools, restricting and disabling unnecessary or outmoded components, and assigning only the necessary privileges to user accounts
These solutions are powered by Trend Micro XGen™ security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
Updated as of September 9, 2019, 6:30 p.m. PDT to reflect an update from the DIR on the number of reported affected organizations.