Bill Clark / CQ-Roll Call, Inc.
Texas is the last state to be hit by a cyberattack. Officials confirm this week that computer systems in 23 communities have been infiltrated by hackers demanding a ransom of the ongoing violation, which started on Friday morning and affected mostly smaller local governments. Officials have not disclosed which specific locations are affected.
The investigators have not yet figured out who or what is behind the attack that put the systems offline. However, according to the Texas Ministry of Information Resources, the evidence to date indicates "one single threat actor".
Elliott Sprehe, a According to a ministry spokesman, none of the cities has paid the unknown ransom demanded by hackers. He said that the affected areas are predominantly rural.
Experts say that while government agencies have been increasingly hit by cyberattacks, simultaneously targeting nearly two dozen cities is a new form of cyberattack.
"The unique thing about this attack is that we've never seen how coordinated this attack is," said threat intelligence analyst Allan Liska. "The ransomware attack has a new front," he said. "It's absolutely the biggest coordinated attack we've ever seen."
Liska's research firm Recorded Future has found that ransomware attacks on states and communities are increasing. Since 2013, at least 169 examples of hackers have come across government computer systems. There have been more than 60 years, he said.
In recent months, Baltimore's data networks, the Georgia court system, and a Utah county have been hit by ransomware.
The hacker bait usually consists of a seemingly harmless e-mail with links or attachments that can infect a system after opening. According to Liska, there are other popular ways to access government networks, such as remote desktops, which may be susceptible to hackers.
While the attackers tend to be anonymous and do not disclose their locations, Liska has found, according to his research, that few are based in the US.
And sometimes local governments see no other way to restore their crippled networks than to pay the ransom demanded by hackers. In Lake City, Florida, a city of about 12,000, officials paid $ 460,000 in the form of Bitcoin, the cyber-attacker's preferred method of payment.
"They shut down the servers, literally walked around the town hall, pulled out the people's power cords, and turned off all the computers," said Mike Lee, Sergeant of the Lake City Police Department, to NPR in July. 19659008] The ransom was paid by the insurance company, but taxpayers were still on the hook for a $ 10,000 deductible.
The Recorded Future study found that about 17% of local authorities are infected with ransomware viruses. This is seen by federal police as an incentive for cybercriminals to continue to participate in the activity.
Linska said that in cities he has worked with and hackers have tracked down, there are cases where the only viable option is to seek the return of data.
"Sometimes reality may require it," he said. "If the backups do not work, or if the bad guys encrypted your backups, that's not what you're after."
People, businesses and institutions such as hospitals have been victims of ransomware attacks for years. With recent attacks on states and city governments, local officials are hurrying to secure their computer systems, holding new training courses and securing their servers, Liska said. In smaller areas, where there is little money available, building a security defense could be challenging.
In Texas, state agencies have not yet announced exactly where the attacks took place or how many computers got into the vulnerability, which means they do not yet know which services or data might have been compromised.
Twenty-three cities at the same time were bad, but we do not know how much damage was done, "Liska said." One computer in each city compared to 100 computers in each city makes a big difference. "