Over 20 entities in Texas have been hit by a ransomware attack in which hackers have demanded $2.5 million to be paid via Bitcoin.
Although none of the places targeted, all of which appeared to be small local governments, paid the money, Texan police did say that the State Operations Centre had been activated to level II.
A quick response
The incident occurred on 16th August this year, and by 23rd August it is believed that all affected entities were in recovery. This was thanks to the response teams putting in place a plan of action that began to eradicate malware within hours of the incident being reported.
“Information security is everyone’s responsibility. From IT providers to end users, we all must remain vigilant and practice good cyber hygiene practices,” says Nancy Rainosek, Chief Information Security Officer of Texas, Texas Department of Information Resources.
To prevent ransomware attacks from happening, Rainosek further suggests that companies must “only allow authentication to remote access software from inside the provider’s network” and “use Endpoint Detection and Response (EDR) to detect PowerShell (PS) running unusual processes.”
Was this the right move?
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has commented on the event. He says: “In a short term prospective the decision may be questionable and cost-unconscious. Someone has to pay for dozens of agencies and their personnel to “rebuild networks from scratch” as reported. Most likely the burden will again fall on the taxpayers’ shoulders and largely surpass the ransom demanded. It’s like SWAT saying we won’t negotiate with terrorists after shooting the hostages.”
Adding: “However, given that no human lives are at stake, in a long term prospective, such rigid tactics may well disincentivize the attackers. This will, however, not resolve the root cause of the incident: lack of visibility across digital assets, poorly implemented fundamentals of security (e.g. proper backup management) and security skills shortage. These essentials need to be addressed without further delay.”