Texas Cyber Attack Has Taken 23 Government Agencies Offline
The Texas Department of Information Resources (DIR) has confirmed that the State of Texas has been responding to a cyber-attack that started on the morning of August 16. At this point, it is known that at least 23 government agencies in Texas have been taken offline as a result of the attack.
What is known so far about the Texas cyber-attack?
According to a DIR statement, “the majority of these entities were smaller local governments,” although it has declined to name any of the 23 agencies taken offline by the attack. The DIR statement does confirm, however, that State of Texas networks and systems have not been impacted.
The Texas State Operations Center was activated on the morning of August 16 and has been working on a 24-hour basis ever since. Evidence gathered by the Texas Division of Emergency Management, the Texas Military Department, the Department of Homeland Security and the FBI, amongst others, suggests that the attack was a coordinated effort from a single threat actor. It has also been confirmed that this was a ransomware attack, and efforts are actively underway to bring the affected agencies back online as soon as possible.
Catalin Cimpanu, writing for ZDNet, stated that a local source had identified the ransomware used as a strain that some security vendors call Nemucod. The ransomware “encrypts files and then adds the .JSE extension at the end,” Cimpanu said, adding “it does not leave a ransom note behind, confusing victims who most of the time don’t know what happened.”
Tsunami of ransomware
The Texas cyber-attack is the latest in something of a tsunami of ransomware aimed at U.S. government and state targets. Ionut Ilascu, writing for Bleeping Computer, reported that telemetry data from security vendor Malwarebytes “reveals that the U.S. has been at the receiving end of ransomware attacks more than any other country in the world, accounting for 53% of the global incidents.”
Louisiana Governor John Bel Edwards declared a state of emergency in July 2019, in response to a ransomware attack on school computer systems across multiple districts. Only two months earlier, key city systems in Baltimore were taken down by a ransomware attack.
The cybersecurity expert view
Ian Thornton-Trump, head of cybersecurity for Amtrust International, says that these attacks are critical not only from a general preparedness angle but also the more sinister and concerning “attacks at scale” perspective. “The threat of ransomware has been widely known since 2017,” Thornton-Trump points out, continuing “the fact that so many municipalities fell victim more than midway through 2019 is rather sad.”
Thornton-Trump is concerned about the disruption of services that can be achieved, over a localized area, by a threat actor who is willing to put the time and effort into targeting a ransomware attack such as the current Texas Nemucod incident. “I think that nation-state actors are looking at these sorts of mass-scale attacks and studying them carefully,” Thornton-Trump warns, “I’ve thought about cyber as an enhancement to kinetic events, and this sort of attack before the beginning of hurricane season is rather chilling.”
Jumping to conclusions as to the motivations of the Texas attack is unwise at this stage of the investigation. However, it’s certainly fair to say that general preparedness for these kinds of cyber-attack needs to be looked at, and looked at hard, especially given the potential for such attacks to hit political events with potential scale and impact far beyond the original infected systems or, for that matter, the original intent of the attacker.