Texas municipalities were recently stricken with ransomware attacks, to the tune of $2.5 million. Texas agencies have reportedly refused to pay the ransom, but the coordinated attack could spell trouble in the future for government agencies.
22 Agencies Hit By Ransomware on August 16th
On August 16th, 22 agencies in Texas were hit by ransomware. By August 23rd, over half of these agencies had resumed business-critical operations, but the impact of the ransomware was still significant and devastating.
The agencies weren’t individually hit. Instead, a third-party solution that the agencies were using to manage their technology infrastructure was compromised. Third-party solutions are a known vulnerability in the private and public sector. Often, when high-profile attacks have occurred, it’s been due to third-party compromises.
Agencies that were stricken by the ransomware found themselves locked out of their computer systems. The ransomware, known as Sodinokibi (REvil), requested $2.5 million for the return of the encrypted data. However, it appears that most of the agencies involved have restored their data from backups rather than paying this ransom.
Ransomware is a very popular method of attack today, because it’s extremely low-risk. Attackers are able to send ransomware to as many agencies and third parties as they desire, with the hope of infecting a system. Many business owners and agencies will find themselves paying the ransom to get their data back, especially if they don’t have backups available. Since these attacks often can’t be traced, the attackers themselves face minimal risk.
In the past, businesses and cities have paid the ransom largely because they needed to continue their operations quickly. For a business, interruption can cost millions per day. For public agencies, interruption can mean that citizens aren’t getting the services that they need, even potentially critical services.
However, agencies and businesses also have a vested interest in refusing to give in to these attacks. The more often the attacks are refused, the less frequent they will become. By refusing to pay the ransom, Texas municipalities were able to show that ransomware is ineffective against their systems. This lessens the chances that they could get hit again.
What is Ransomware?
Ransomware is a malicious program that encrypts the contents of a computer, server or even a personal device. Once the data has been encrypted, the application demands a ransom in exchange for decrypting the information. Until the data is decrypted, it can’t be accessed: modern encryption protocols are so advanced that they generally cannot be broken. If the ransom is paid, the attacker may provide a decryption key. This ransom can be hundreds, thousands, or tens of thousands of dollars.
Ransomware has become more popular with the proliferation of cryptocurrency. Cryptocurrency makes it even harder to track ransoms, because ransoms are paid in a digital currency that can be transferred and moved many times by anonymous parties. In the past, ransomware had to rely on mailed-in checks or wire transfers, which were inherently traceable and higher risk. As cryptocurrency becomes more popular and more easily traded, ransomware is also likely to continue increasing in volume.
However, ransomware is also notable for being relatively easy to avoid, for one reason: backups. If companies or individuals have regular, up-to-date backups, they can choose to restore those backups instead of paying the ransom. Ransomware tends to be most harmful to companies and individuals who haven’t kept up-to-date backups or who keep their backups on the same system as their original data. If the backups are on the same network as the ransomware, the backups will also be impacted.
The Texas municipalities that were struck were able to resume their operations quickly because they were able to redeploy their backups quickly, and that’s something that any entity — public or private — should keep in mind.
Protect Yourself from Ransomware Today
If you’re worried about ransomware, there are actions you can take to protect yourself now. Install an antivirus scanner, avoid any potentially malicious downloads, and automate your backup process. Keeping a backup of your files is the best way to mitigate ransomware attacks, but make sure your backups aren’t connected to your network.
As a pre-approved GSA government vendor, PS LIGHTWAVE serves a range of local and federal government and public entities. To learn more about PS LIGHTWAVE and how we can help with your internet needs, contact us today!