The Hole in the Firewall Gang
In our mythology of the American past, towns were terrorized by roving gangs who would rob one town then head to the next. Welcome to 2019. New technology. Old tricks.
Recently, we wrote about a rising trend in ransomware attacks targeting local governments. Since then, news broke that 22 towns in Texas have become the latest victim of these attacks. Investigations are still underway, so information on the exactly causes has yet to be released to the public. However, according to NPR, a mayor of one affected town said the attackers are asking for $2.5 million to unlock government files.
What sets this apart from the recent onslaught of ransomware news is the highly coordinated nature of these attacks. Texas officials believe the attack to be caused by “one single threat actor,” targeting specific agencies rather than entire government systems.
Texas governor Greg Abbot classified the attack as a Level 2 Escalated Response — the second-highest level of alert in the state’s emergency response system — indicating that the scope of the incident is beyond what local responders can manage. Cybersecurity experts from the F.B.I., the Federal Management Agency, and the Teas Military have all been called in to respond.
One pattern many have noticed is the relatively small size of the towns attacked. Of the 22 towns affected, four of them have a total of 31,000 residents. In many cases, small governments have underfunded IT departments, making it difficult to maintain effective cybersecurity practices. Frequently, ransomware attacks are will target systems based on opportunity. Instead of wasting the effort of cracking systems with strong security systems, attackers will go after those with easy access. Local government’s like those these Texas towns are therefore prime targets for these types of attacks.
News of the attacks not only show that government ransomware attacks are on the rise, but also an increase in the level of sophistication. In an article in the New York Times, Allan Liska, the author of a recently report on government ransomware attacks, said that “if this turns out to be a new phase — because bad guys love to copycat each other — we’re going to see a continued acceleration of these kinds of attacks.”
If this news teaches us anything, it’s that public and private business should not wait, but put it place processes now to prevent being the next victim of a ransomware attack. All organizations should make sure that they are testing their backups regularly, patching their systems, and engaging their staff in cyber awareness training.
And rustle up a posse. Because they are coming.