'Coordinated Ransomware Attack' in Texas Hits 23 Local Governments

[[correlate]]

Content source

https://www.bleepingcomputer.com/news/security/coordinated-ransomware-attack-in-texas-hits-23-local-governments/

Texas is currently fighting an unprecedented wave of ransomware attacks that has targeted local government entities in the state, with at least 23 impacted by the attacks.

Details are at a minimum at the moment as the Department of Information Resources (DIR) leads the response and investigation into the attacks. Texas released a brief notification advising affected local jurisdictions to call the state's Division of Emergency Management for assistance.

'Coordinated Ransomware Attack' in Texas Hits 23 Local Governments

Texas is currently fighting an unprecedented wave of ransomware attacks that has targeted local government entities in the state, with at least 23 impacted by the attacks.

www.bleepingcomputer.com

 

[upnorth]

At least 23!? Wow! :emoji_cold_sweat:

Sad to watch and I do hope it gets back fast.

News | Texas Department of Information Resources

dir.texas.gov

the ransomware that infected the networks of the 23 local Texas governments encrypts files and then adds the .JSE extension at the end.

This ransomware strain does not have its own name, being generally called the .jse ransomware --although some antivirus vendors detect it as Nemucod, under the name of the trojan that drops it on infected hosts. First signs of this .jse ransomware have been spotted as early as August 2018, but activity has continued and has been reported as recently as this month. The ransomware is a strange one as it does not leave a ransom note behind, confusing victims who most of the time don't know what happened.

Over 20 Texas local governments hit in 'coordinated ransomware attack'

Infection blamed on Sodinokibi (REvil) ransomware strains.

www.zdnet.com

 

[[correlate]]

At least 23!? Wow! :emoji_cold_sweat:

Sad to watch and I do hope it gets back fast.

News | Texas Department of Information Resources

dir.texas.gov

Over 20 Texas local governments hit in 'coordinated ransomware attack'

Infection blamed on Sodinokibi (REvil) ransomware strains.

www.zdnet.com

It became like the Weather News every day ransom attack

 

[DeepWeb]

Sounds like some foreign government did that. Government and corporate computers need to whitelist applications. Only what they absolutely need should run on computers. Also wanna guess how many of these computers still run Windows Xp?

 

[upnorth]

On August 19, Borger city officials announced on Facebook that the ransomware attack had "impacted normal City business and financial operations and services." A continuity of operations plan had been put into effect to "provide basic and emergency services (Police, Fire, 9-1-1, Animal Control, Water, Wastewater and Solid Waste Collection)," but there was no estimate of how long it would take for full services to be restored.

A spokesperson for the City of Kaufman, Texas, announced on Facebook that Kaufman had also been affected by ransomware. "The City of Kaufman Computer and Technology Services has been severely affected by an outside source," the spokesperson said in an August 19 post. "At this time, all of our computer and phone systems are down and our ability to access data, process payments, etc. is greatly limited." Kaufman's police and fire departments remain operational, according to the statement.

Today, the LA Times reported that Keene, Texas—a small incorporated city of 6,500 people 40 miles south of Fort Worth—was also hit by the ransomware. While Keene's police and utilities were not affected, the city's payment system for water bills was taken down.

But the hardest hit known so far is the City of Wilmer, a community of about 3,600 in Dallas County. According to a report from CBS' Dallas/Fort Worth affiliate, systems at Wilmer's police department, water department, and public library were affected. City workers reported that when they turned on computers, they were greeted with a blue screen carrying the message, "all your files are encrypted."

While one Texas county shook off ransomware, small cities took full punch

Lubbock County managed to isolate the attack quickly. Others, not so much.

arstechnica.com

 

[upnorth]

The hackers’ demand? A cool $2.5 million for the decryption keys to unlock the data. It was the latest in a brutal wave of ransomware attacks that have blighted US cities this year, and have even led some states to declare a state of emergency. But Texas decided to do something different from the other states hit by ransomware : they didn’t pay up.

This is all very impressive, of course, but chances are that the clean-up and recovery – combined with the disruption to normal services – has actually cost more money than it would have cost to pay the cybercriminals who were holding it to ransom. And that cost is likely to be passed on to taxpayers ultimately. Nonetheless, I applaud the Texas DIR for making the decision it did. Although it may have cost them more to recover from the ransomware attack than paying the ransom, in the long term a refusal to pay extortionists will help to discourage future attacks. After all, if victims won’t pay up – what’s the point?

Hackers who hit Texas with ransomware attack demanded $2.5 million, got nothing

Although it may have cost Texas more to recover from the ransomware attack than paying the ransom, in the long term a refusal to pay extortionists will help to discourage future attacks.

www.grahamcluley.com