Now, state agencies in Texas have succumbed to a ‘coordinated ransomware attack’ that has impacted at least 23 local government entities across the state. The Texas Department of Information Resources (DIR), which is leading the response and investigation into the incident, said the attacks started in the morning on August 16.
Origins Unknown
“The majority of these entities were smaller local governments,” the DIR said, adding evidence pointed to “one single threat actor.” The origin of the attacks is still unknown, as are details of the affected entities. But ZDNet, quoting a local source, said the ransomware encrypted the files and added a “.JSE” extension at the end.
“Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions,” the department said.
The continuing wave of ransomware attacks
The development comes as several US cities have been crippled by a wave of ransomware attacks, with infections leading agencies to spend hundreds of thousands of dollars to recover access to systems. While one hopes there is a proper backup system and an adequate incident response plan in place, the continuing attacks reflect the agencies’ poor security posture, which makes them a lucrative target.
Statistics from Malwarebytes released early this month show that ransomware detections are increasingly shifting from consumer targets to businesses and governments, suggesting threat actors are setting their sights on public and private organizations that are ill-prepared to handle such attacks. Ransomware detections against businesses in the second quarter of 2019 rose by a whopping 363 percent year over year, while consumer detections of ransomware declined by 12 percent year over year and 25 percent quarter over quarter, the report said.
Regardless of the type of victim and the region affected, ransomware remains at the top of the list of digital threats for businesses. As long as companies continue to pay to get their data restored, “digital kidnapping” of valuable data will be a sound business model for cybercriminals, incentivizing them to mount new attacks. Furthermore, it’s not just about paying the ransom, as many businesses will also need to invest in upgrading their security practices following a ransomware attack. This could be avoided by setting up offline backups and isolating critical data from the main network.
Update on Aug. 21, 12:00 PM IST: The DIR has issued a fresh update on the cyber incident, stating the “number of confirmed impacted entities has been reduced to 22.” But the DIR has not yet attributed the incident to any group, citing an ongoing federal investigation into the origin of the attack. In the meantime, it has emerged that the malware used in the attack is the popular Sodinokibi ransomware strain, according to ZDNet.