Texas Ransomware Hackers Demand $2.5 Million

IBM

Ransomware attack on small local government systems in Texas collectively demands $2.5m

The amount of money cybercriminals are seeking has been evidenced after it was reported that hackers are demanding $2.5m ransom from local authorities in Texas.

Earlier this week small local government departments in the US state of Texas had their IT systems knocked offline after a “co-ordinated” ransomware attack “from one single threat actor”.

Texas Suffers ‘Co-ordinated’ Ransomware Attack

The US has suffered a number of notable ransomware attacks in recent months, with certain US cities being hit particularly hard. Some cities opted to pay the attackers, whilst others refused.

Texas Ransom

According to Bleeping Computer, which cited the mayor of a municipality as saying that the the hacker is demanding a collective ransom of $2.5 million.

The names of all the municipalities in Texas impacted by the attack remain undisclosed, but two of them (City of Borger and Keene) publicly announced the attack.

Keene like the others impacted by the attack, cannot process card payments or utility disconnections.

Keene Mayor Gary Heinrich was quoted in the US media as saying that the threat actor demanded $2.5 million in exchange for the key that decrypts the locked files.

Heinrich told NPR that the threat actor deployed the ransomware through the software from the managed service provider (MSP) used by the administration for technical support.

Last month a string of ransomware attacks on school networks in the US state of Louisiana led to Governor John Bel Edwards to declare a ‘state of emergency’ in order to give the state access to assistance from public bodies.

Texas meanwhile has drafted in cyber-security experts, as well as the military and counter-terrorism units, including the Texas Division of Emergency Management; Texas Military Department; Texas Department of Public Safety; as well as the Department of Homeland Security; the FBI; and other Federal cybersecurity partners.

Do not pay

Ransomware attacks are on the rise in the US and the government sector is a frequent target. Matters are not helped when local authorities or cities opt to pay the hackers.

“US government bodies have recently been a major target for ransomware attackers as they have been seeing huge pay outs from their attacks, with numerous governments giving into attacker demands and reportedly paying ransoms,” said Robert Ramsden Board, VP EMEA at Securonix.

“It is therefore not surprising the attackers in this incidence are demanding such a huge amount of money – if it worked with previous government agencies, why should it work again?” he added.

“However, it generally is never recommended to pay ransom demands as this only fuels the industry,” said Ramsden Board. “Instead the best defence against ransomware is a comprehensive security program that protects against known threats and malicious intent or behaviour. Companies and governments have an obligation to protect themselves and their citizens or customers from ransomware attackers. Protecting data assets should now be considered a key component of national defence.”

This advice not to pay attackers was repeated by another security expert.

“As long as we as a society continue paying ransoms, these attacks will continue,” said Cody Brocious, head of hacker education at HackerOne.

“Maintain regular (offline!) backups, keep your systems up to date, and don’t pay ransoms if you do happen to get hit,” said Brocious. “At this point, it’s akin to choosing not to get the flu shot; sure, if you’re healthy then you’re not likely to die from the flu, but you may transmit it to someone who will.”

“Giving in to these criminals is acting against the public good, which just ends up protecting organisations from the consequences of not taking their data seriously,” he added.

City attacks

In May a ransomware attack crippled local government services in the city of Baltimore. That city refused to pay the hackers, despite email accounts being disabled and online tax payments unable to be processed.

That city estimated losses of around $18m (£15m) from the attack. The hackers had demanded $100,000 worth of Bitcoin.

But other US cities have opted to pay.

Florida-based Lake City has a population of over 12,000 people, and it opted to pay hackers after a ransomware attack.

The Lake City decision to pay the hackers $500,000 (£394,000) was aided by the fact that insurance would cover most of the ransom.

It came after the council of another city in Florida (Riviera Beach City) voted unanimously to pay hackers $600,000 who took over their computer systems via a ransomware attack earlier this year.

Do you know all about security? Try our quiz!