More than a score of Texas cities have been hit with ransomware, crippling their municipal computer systems and accounting for one-third of all municipal ransomware attacks so far this year, according to Armor Defense Inc., a cloud-security company. It released a ransomware report Tuesday.
Among the latest cities is Borger, Texas, which says evidence suggests the attacks come from “one single threat actor.” State and federal agencies are investigating the attacks. In the meantime, Borger says its Vital Statistics service, which includes birth and death certificates, is offline and the city is unable to accept utility or other payments. It has waived late fees and is shutting off services until normal operations resume, according to a press release.
So far this year, Richardson, Texas-based Armor has tracked 133 publicly reported ransomware attacks on U.S. organizations, ranging from municipalities, law-enforcement agencies, and payroll providers to health care providers, among others. Overall, the majority of attacks—67—have targeted municipalities, followed by health care, 23, and education, 16.
Ransomware attacks, in which a criminal encrypts a computing system’s data and offers to supply a decryption key upon payment of ransom, are relatively cheap to conduct. Armor found on the dark Web ransomware kits selling for as little as $225. One kit, for $500, included the ransomware software and a tutorial. One Florida city this summer paid 65 Bitcoin, or about $600,000, to be released from ransomware.
Why so many in Texas? It might be hard to tell without knowing the motivation and how the systems were infected, Chris Hinkley Sr., a security researcher with Armor’s Threat Resistance Unit, says. It could be to invoke a “shock and awe” reaction or “perhaps the threat actor(s) is trying to raise the level of urgency for payment by creating a mass infection,” Hinkley says in an email.
“However, outside of the 23 recent attacks, there are 7 other Texas municipalities which have been victims of ransomware in 2019,” he says. “The TRU team is not very surprised by this as there is a large attack surface in Texas being that there are 1,216 incorporated cities in the state and 35 of these cities contain over 100,000 residents. All of this, plus a state with the population of 28.3 million residents, makes Texas a very attractive target.”
One explanation why criminals might favor municipalities is that they generally have financial constraints, which usually means they have fewer security protections in place than a private organization, Hinkley says. “Between housing critical data and having less security, [this] makes cities a potentially softer target.”
The best protection against ransomware is to have offline data backups, Hinkley says. “Testing is extremely important to ensure that the data is viably and reliably restorable in the event that backups are needed. Also, anti-malware, endpoint detection, and continuous employee security awareness training is also very important. Organizations are only as secure as their weakest security link, and unfortunately, people will always be that link.”