Coordinated Ransomware Attack Cripples Local Government Organizations in Texas

The Texas Department of Information Resources (DIR) recently reported that the systems of 22 organizations in the state, mainly smaller local governments, were affected by ransomware attacks that transpired last Saturday, August 17. The attacks, according to DIR, appeared to be coordinated, with the evidence gathered so far indicating that the attacks were initiated by a single threat actor.

In a statement, the DIR said, “Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions. Further resources will be deployed as they are requested.”

The affected organizations and the ransomware family involved in the attack have not been disclosed as of this writing. DIR, however, said that the affected agencies had already been notified and that incident responders were actively working to bring their systems back online. DIR also clarified that the ransomware attack did not affect the state of Texas’ own systems and networks.

[READ: Narrowed Sights, Bigger Payoffs: The Ransomware Landscape in 2019 So Far]

Ransomware attacks, particularly against public agencies and municipal organizations, have been gaining traction recently, as demonstrated by the spate of incidents over the past months. Baltimore, for example, incurred financial losses of US$18.2 million after the systems used in the city’s government offices were affected by RobbinHood, the same ransomware variant that knocked the public systems in Greenville, North Carolina offline. Indeed, these kinds of attacks have become so severe that operators of Ryuk, for instance, were able to wring US$460,000 from officials in Lake City, Florida after the malware disrupted the city’s systems.

The success of these seemingly targeted ransomware attacks is most likely spurred by the way these ransomware families also perform malicious routines apart from file encryption. Ryuk, for example, is also capable of rendering systems unbootable, while others like NamPoHyu Virus and MegaCortex target servers and networks. Cybercriminals targeting mission-critical systems or online infrastructures used to provide public services are banking on the significant, real-life impact of their malware to intimidate victims into paying the ransom.

[Best Practices: Defending Against Ransomware]

Ransomware doesn't just result in financial losses; it also has an adverse effect on an organization’s operations and reputation. In DIR’s statement, for instance, the costs of dealing with ransomware at the county level in Texas were estimated at US$3.25 million. It’s thus paramount that organizations strengthen their security posture against ransomware, which includes:

  • Regularly backing up files and ensuring the integrity of these back-ups
  • Keeping the system, network, servers, and programs/applications updated and patched (or use virtual patching for legacy and embedded systems or software)
  • Enforcing the principle of least privilege to reduce the attack surface, such as securing the use of system administration tools, restricting and disabling unnecessary or outmoded components, and assigning only the necessary privileges to user accounts
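The first practice above only pays off if a backup can be trusted when it is needed: a backup set that was silently corrupted or encrypted is of no use during recovery. The following script is an added example (not Trend Micro's code and not part of the original article) of one way to make that check concrete. It records a SHA-256 manifest of a backup directory when the backup is taken and later verifies the set on disk against it, reporting files that are missing, modified or unexpected. The directory layout, file names and contents are constructed for the demonstration; the assumption is that the manifest itself is kept read-only and separate from the backup set (for example on offline media), since a manifest stored beside the files it protects can be rewritten along with them.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup archives never need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map every file (path relative to the backup root) to its SHA-256 digest and size."""
    manifest = {}
    for path in sorted(p for p in backup_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(backup_dir).as_posix()
        manifest[rel] = {"sha256": sha256_file(path), "size": path.stat().st_size}
    return manifest


def save_manifest(manifest: dict, dest: Path) -> None:
    """Persist the manifest as JSON. Store this copy read-only and away from the backup set."""
    dest.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src: Path) -> dict:
    return json.loads(src.read_text())


def verify_backup(backup_dir: Path, manifest: dict) -> dict:
    """Compare the backup set on disk against the manifest captured when it was taken.

    Returns three sorted lists; all three empty means the set is intact.
    """
    current = build_manifest(backup_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(
            p for p in manifest
            if p in current and current[p]["sha256"] != manifest[p]["sha256"]
        ),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> tuple:
    """Constructed walk-through: snapshot a sample backup, damage it, and verify both states."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        (root / "db").mkdir(parents=True)
        # Constructed sample backup contents (hypothetical file names).
        (root / "db" / "records.sql").write_bytes(b"CREATE TABLE permits (id INT);\n")
        (root / "config.ini").write_bytes(b"[server]\nport=8080\n")

        # Manifest is written outside the backup directory, standing in for offline storage.
        manifest_path = Path(tmp) / "manifest.json"
        save_manifest(build_manifest(root), manifest_path)
        manifest = load_manifest(manifest_path)

        clean = verify_backup(root, manifest)

        # Simulate what an integrity check must catch: one file overwritten with garbage
        # (as an encryptor reaching the backup share would do), one deleted, one planted.
        (root / "db" / "records.sql").write_bytes(b"\x00garbage\x00")
        (root / "config.ini").unlink()
        (root / "stray.tmp").write_bytes(b"x")

        damaged = verify_backup(root, manifest)
    return clean, damaged


if __name__ == "__main__":
    before, after = demo()
    print("intact backup:", before)
    print("damaged backup:", after)
```

Run the verification on a schedule and alert on any non-empty list, not only on "modified": a missing file can mean a backup job that quietly stopped, and an unexpected file can mean the backup share is being written to by something other than the backup job.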

Trend Micro Ransomware solutions

Enterprises can benefit from a multilayered approach to best mitigate the risks brought by ransomware. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities like high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding that minimize the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while Trend Micro™ Deep Security™ stops ransomware from reaching enterprise servers, whether physical, virtual, or in the cloud. Trend Micro™ Deep Security™, Vulnerability Protection, and TippingPoint provide virtual patching that protects endpoints from threats that exploit unpatched vulnerabilities to deliver ransomware.

Email and web gateway solutions such as Trend Micro™ Deep Discovery™ Email Inspector and InterScan™ Web Security prevent ransomware from ever reaching end users. Trend Micro’s Cloud App Security (CAS) can help enhance the security of Office 365 apps and other cloud services by using cutting-edge sandbox malware analysis for ransomware and other advanced threats.

These solutions are powered by Trend Micro XGen™ security, which provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.

Updated on September 9, 2019, 6:30 p.m. PDT to reflect an update from the DIR on the number of reported affected organizations.