UPDATE: August 21, 2019:
The Texas Department of Information Resources (DIR) provided a public update August 20, 2019 on their website. Here is what is known:
- The number of confirmed impacted entities has been reduced to 22 from the initial 23
- As of the time of the release, responders have engaged with all 22 entities to assess the impact to their systems and bring them back online
- More than 25 percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual
- Evidence continues to point to a single threat actor
- Investigation into the origin of the attack is ongoing
- Texas Governor Greg Abbott’s website still has not mentioned anything regarding the ransomware attacks as of August 21, 2019 at 11:00am CT
Last week the Texas Department of Information Resources (DIR) informed the general public that 23 local government entities within the state were hit by coordinated ransomware attacks. Most victims were smaller entities, and all were hit on the morning of August 16th, 2019.
Very little information regarding the attack is currently available. The department did not disclose whether the entities were cities, towns, counties, or specific departments within the State of Texas. Additionally, size and scope of the attack has not been made publicly available.
As of the last public statement on the DIR website, which was posted August 17th, 2019 they know that the current evidence gathered points to the attacks emanating from a single threat actor. Investigation into the origin of the attack are ongoing, but they emphasize that the current priority is response and recovery for the affected parties.
All responders are currently working with the 23 confirmed entities to bring their systems back online.
According to the DIR, the State of Texas systems have not been impacted.
This recovery effort has been supported by numerous agencies and partners. According to the DIR, “The Texas Military Department and the Texas A&M University System’s Cyber Response and Security Operations Center teams are deploying resource to the most critically impacted jurisdictions. Further resources will be deployed as they are requested.”
Other agencies involved in the recovery effort include: The Texas Division of Emergency Management, Texas Department of Public Safety, Texas Commission of Environmental Quality, Department of Homeland Security, Federal Bureau of Investigation, along with other Federal cybersecurity partners. Additionally, other organizations like Dell Technologies have offered support.
In an additional statement, the DIR specifically mentioned Dell as a partner in the recovery effort. They said, “Dell is full committed to assisting the DIR and the affected public entities by providing additional discounts on enterprise infrastructure through the Dell Bulk Purchase Initiative. As the requirements and configurations are likely to vary significantly from one entity to the next, the discount grid…are minimum discounts. As specific requirements lead to specific configuration requests, additional discounts may be applied.”
The Texas DIR also is directing departments to various network product contracts and managed IT services contracts to further assist the cleanup.
A noteworthy item is that Texas Governor, Greg Abbott, has not mentioned a single thing regarding the ransomware attacks on his website as of August 20th at 11am.
The Attack on Municipal Entities Continues
Since 2013, 170 United States county, city, or state government systems have been hit by ransomware attacks. The startling thing is that 22 of these attacks have occurred in the first half of 2019. MSSP Alert has compiled a sampling of some of the biggest ransomware attacks within the past year or two.
At the U.S. Conference of Mayors, 225 of them declared that they would stop paying ransomware demands from hackers. However, the commitment via investment in cybersecurity and business continuity will need to be seen to maintain such a vow.
Stay tuned to the VIPRE blog for updates on that story.
The post 22 Texas Government Entities Hit by Coordinated Ransomware Attacks appeared first on VIPRE.