A recent spree of ransomware attacks in Texas have highlighted the increasing threat they pose to city governments, with experts warning the "lucrative" attacks won't go away.
The Texas Department of Information Resources (DIR) has confirmed that 22 Texas entities, mostly local governments, have been hit by the ransomware attack that took place late last week. DIR pointed to a “single threat actor” as being responsible for the attack, which did not impact any state-wide systems.
While the agency has refused to identify which entities were attacked due to an ongoing investigation, the governments of Keene, Texas and Borger, Texas, announced this week that they were among those impacted, with the attackers making it difficult for the two towns to handle utility payments from residents.
Keene Mayor Gary Heinrich told NPR’s Morning Edition on Tuesday that the hackers, who have not been identified, have demanded $2.5 million from the towns and other entities impacted collectively. Heinrich called the attackers “stupid people” for expecting Keene to pay up to regain access to their systems.
For experts, the spate of attacks on small towns is delivering a wake-up call to government officials.
One top expert emphasized that such attacks, which involve a malicious actor encrypting computer systems of an entity or group and demanding payment to return them to normal, are among the most common types of cyber attacks.
“It’s certainly one of the most prevalent, certainly one of the most lucrative, that keeps it in the top five lists of threats that are out there,” Mark Orlando, the chief technology officer of cyber protection solutions at Raytheon Intelligence, Information and Services, told The Hill.
There have been a string of ransomware attacks on other cities around the United States prior to the Texas attacks that appear to back up Orlando.
And the ransomware attacks often force tough choices on their victims.
In May, city systems in Baltimore were taken out by a debilitating cyber attack, with hackers demanding $76,000 to give the city access again to its systems. But Baltimore's mayor refused to pay the ransom, a costly decision for the city. According to the CBS affiliate in Baltimore, as of June, the city had spent $18 million to get city employee email accounts back up and running, along with other fixes.
In 2018, Atlanta was hit by a similar attack, with hackers demanding the equivalent of over $50,000 in bitcoin. Atlanta also chose to spend millions to address the results of the attack rather than pay the ransom.
The Department of Justice (DOJ) later indicted two Iranian men for deploying the SamSam malware virus against Atlanta, the government of Newark, N.J., the Port of San Diego, and hospitals and public institutions around the United States. In total, DOJ estimated that hackers caused the loss of $300 million for their victims.
Some cities that have been attacked have chosen to pay the ransom instead of spending more to replace computer systems.
In June, the leaders of Riviera Beach, Fla. paid hackers almost $600,000 in bitcoin to gain back access to their computer systems. The attack occurred after a city employee opened an email that contained the ransomware virus.
Orlando said the approach taken by cities in response to ransomware attacks often depends on their size and resources available.
“Baltimore for example, they chose not to pay, and instead spent a lot of money reconstituting their networks, they took the hit,” Orlando said. “It’s hard to ignore the pattern that we’ve had some large cities that were able to find the funds to rebuild, and then we’ve seen the smaller municipalities that choose the other direction.”
Cities are not alone in responding to these ransomware attacks. In Texas, the FBI, the Department of Homeland Security (DHS), and the Federal Emergency Management Agency (FEMA) are among the federal agencies responding to and investigating the ransomware incidents. The FBI also responded to the attack on Baltimore.
DHS's Cybersecurity and Infrastructure Security Agency (CISA) has published guidelines that it recommends organizations follow in regards to protecting themselves against ransomware attacks. Those recommendations include updating software, not clicking links in unsolicited emails, and backing up data on a regular basis.
Niam Yaraghi, a non-resident fellow with the Brookings Institute’s Center for Technology Innovation, echoed some of CISA’s steps, recommending in a Brookings article published in June that in order to prevent ransomware attacks, “basic security safeguards” should be put in place, and groups should invest in new technology.
“Government agencies usually have less resources to invest in information security technologies,” Yaraghi wrote. “Old and fragmented computer systems exacerbate this problem, since older systems are much more difficult and expensive to maintain than newer one.”
“Despite these difficulties, all levels of government should invest in upgrading security technologies to reasonable levels, or else many more agencies will soon become victims of ransomware attacks," Yaraghi stressed.
As cities in Texas grabble with the latest wave of ransomware attacks, Orlando pointed to one silver lining.
“These things are going to continue, and what’s most important is not necessarily assigning blame and arguing about whether to pay, I think it’s to learn as much as possible,” Orlando said. “They are learning from what they are seeing, and I think that is fantastic and is a trend that should continue.”