Over the past few days, information about a ransomware attack in Texas, affecting 22 different cities all at once, has been trickling in. Experts believe that the coordinated ransomware attacks almost certainly had to be the result of a security flaw or breach at one managed services provider (MSP); however, efforts to determine which MSP the 22 towns have in common have been surprisingly fruitless.
So far only two of the twenty-two municipalities that the Texas state government says have been hit have been identified, and that is because they have put out statements on their own. Those cities are Borger, Texas, and Keene, Texas.
The City of Borger issued a statement, saying that “On the morning of August 16, 2019 the City of Borger was one of more than 20 entities in Texas that reported a ransomware attack. Later that morning the State Operations Center (SOC) was activated. At this time, various State and Federal agencies are supporting and responding to the incident; including Texas Department of Information Resources, Texas Division of Emergency Management, Department of Homeland Security, Federal Bureau of Investigation-Cyber Crimes Unit, Federal Emergency Management Agency and others. Responders have reduced the count of confirmed impacted entities to twenty-two. The majority of the affected entities were smaller local governments. The State of Texas computer systems and networks have not been impacted. The evidence gathered indicates the attacks came from one single threat actor.”
Moreover, the City of Borger yesterday convened a special emergency meeting of the city council to consider and adopt a Memorandum of Understanding “between the Texas Military Department and the City of Borger for the deployment of Cyber Mission Forces”.
Meanwhile, City of Keene mayor Gary Heinrich has confirmed that the hackers got in through one provider that services the city, although he has not named that provider.
“They got into our software provider, the guys who run our IT systems. A lot of folks in Texas use providers to do that, because we don’t have a staff big enough to have IT in house,” Heinrich is quoted as saying, in an article by Sophos.
According to ZDNet, the ransomware that was used in the Texas attacks was Sodinokibi, although we have been unable to otherwise confirm that at this time.
What the Texas Department of Information Resources (DIR) is so far sharing is that:
More than twenty-five percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.
The State of Texas systems and networks have not been impacted.
Evidence continues to point to a single threat actor.
Investigations into the origin of this attack are ongoing.
Because this is an ongoing federal investigation, we cannot provide additional details about the attack.
Meanwhile, across the pond the Register has dubbed Texas the “Pwn Star State”.