Texas local government refuses to pay up to ransomware attack

Twenty-two government entities in Texas reported a ransomware attack recently – with the ransomware extortionists seeking US$2.5 million to be paid in Bitcoin.

The majority of the affected entities were smaller local governments, with the large-scale coordinated ransomware attack hitting them across Texas, early in the morning.

The malicious software was said to be spread through an unnamed managed services provider that was compromised by the hackers, causing widespread disruption across the state. The mayor of the Texas city of Keene had reportedly said hackers breached the city’s network using the software used by an IT company to remotely manage Keene’s infrastructure.

One local authority, the city of Borger, posted on its official Facebook channel that it could not process payments for any services, with other local governments informing their constituents that services were disrupted and were having to be performed manually.

The Texas’ Department of Information Resources reported that there is no indication that any ransom was paid out by any of the local governments, with many municipalities refusing to cooperate with the attackers.

Despite the widespread, coordinated nature of the ransomware attack, Texas officials were prepared for the incident – following several similar incidents across America last year – deploying emergency cyber-teams to deal with the infections, restoring impacted systems from back-ups, and in some cases rebuilding networks from scratch.

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, commented on the incident: “In a short term prospective the decision may be questionable and cost-unconscious. Someone has to pay for dozens of agencies and their personnel to ‘rebuild networks from scratch’ as reported. Most likely the burden will again fall on the taxpayers’ shoulders and largely surpass the ransom demanded. It’s like SWAT saying we won’t negotiate with terrorists after shooting the hostages.

“However, given that no human lives are at stake, in a long term prospective, such rigid tactics may well disincentivize the attackers. This will, however, not resolve the root cause of the incident: lack of visibility across digital assets, poorly implemented fundamentals of security (e.g. proper backup management) and security skills shortage. These essentials need to be addressed without further delay.”