Twenty-two Texas local governments are striving to recover from coordinated ransomware attacks, and some of those government agencies are already back online, according to the Texas Department of Information Resources (DIR).
Updated August 21, 2019: The attacks may potentially deliver a black eye to the managed IT services provider (MSP) market. According to an NPR report, the hacker attack involved "information technology software used by the city and managed by an outsourced company."
MSSP Alert is checking to see if the NPR source was referring specifically to an MSP, a software company or some other third party that supports Texas local governments. There's there's speculation that the statement actually refers to the Texas Department of Information Resources (DIR) rather than an MSP as the culprit. The DIR is a sourcing organization that allows local Texas government organizations to source IT solutions.
Updated August 20, 2019: The DIR disclosed the attacks on August 16, 2019, and provided the following updates on August 20, 2019:
- The number of confirmed impacted entities has been reduced to 22, down from a previous report of 23 local governments.
- As of the time of this release, responders have engaged with all 22 entities to assess the impact to their systems and bring them back online.
- More than 25 percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.
- The State of Texas systems and networks have not been impacted.
- Evidence continues to point to a single threat actor.
- Investigations into the origin of this attack are ongoing.
Technology vendors such as Dell Technologies are offering product discounts to assist the recovery efforts.
Texas Governor Greg Abbott's website has not mentioned the ransomware attacks as of August 20 at 6:00 p.m. ET.
Original MSSP Alert Report from August 17, 20219
The department did not disclose whether the entities were Texas cities, towns, counties or specific departments within such entities.
The size and scope of the attacks -- in terms of how many computers and applications were hit -- also were not disclosed.
According to an August 16 statement from the DIR:
"Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions. Further resources will be deployed as they are requested."
MSSP Alert will continue to follow to update this story as more details surface.
Ransomware Attacks Government Infrastructure
Ransomware attacks continue to plague federal, state and local government agencies across the United States.
The fallout so far: As of July 2019, ransomware attacks have hit at least 170 county, city, or state government systems in the United States since 2013. Moreover, 22 of those attacks occurred in the first half of 2019, according to The U.S. Conference of Mayors.
The most recent attacks have hit these U.S. cities.
Those mayors have vowed to stop paying ransomware demands from hackers, but those same mayors will need to boost their cybersecurity and business continuity stances in order to ensure they can maintain such a vow.
MSPs Also Suffer Ransomware Attacks
MSPs have also suffered ransomware attacks in recent months. The fallout has included:
- An MSP paying hackers $150,000 to unlock data;
- hackers specifically targeting MSP software platforms to launch ransomware attacks; and
- Ryuk ransomware hitting a CSP that works closely with MSPs.
Hackers worldwide have been hitting MSPs of all sizes — not just global technology service providers. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.
Amid that threat landscape, MSP software providers and their channel partners are increasingly activating two-factor authentication as a means to stop hackers from entering systems.
