Ransomware attack hits more than 20 cities
DALLAS >> More than 20 local governments in Texas were targeted in a coordinated ransomware attack of unprecedented size on Friday, but several of the cities had resumed normal operations by Tuesday, state officials said.
The Texas Department of Information Resources said in a statement that it believes a single source is behind all 22 of the attacks. It didn’t name the affected cities or provide details about the attacker’s demands.
The attack in Texas is similar to others that have crippled digital operations in cities around the country in recent years, Elliott Sprehe, a department spokesman, said Tuesday.
“Once it’s activated, your computer system is effectively locked from use until you pay that ransom as requested,” he said.
Cybersecurity experts said the number of cities affected by the Texas attack far exceeds attention-grabbing hacks of individual systems owned by cities, counties and state agencies in recent years.
The best recourse for victims of a ransomware attack is to restore the captive systems from a saved backup, assuming they have one, said Brian Calkin, chief technology officer for the Center for Internet Security. If not, officials must decide whether to pay the ransom or rebuild their system from scratch.
“Ransomware is mostly opportunistic,” Calkin said. “They’re casting as wide a net as possible and they want to see whoever they can catch and compromise.”
State and federal agencies, including the Department of Homeland Security and the FBI, are working with the affected Texas cities. Sprehe declined to provide more detail on the number of cities that have resumed normal activity or details of their recovery.
In Keene, a community of about 6,000 people about 45 miles southwest of Dallas, the attack took down all municipal computers and left the city unable to process credit card payments, said Landis Adams, the city’s economic development director.
City staff first noticed server problems early Friday morning and the computers of its roughly 50 employees have been unusable since, he said. Adams said he didn’t know what the attacker demanded and that he couldn’t provide much detail because of the ongoing investigation.
The Panhandle city of Borger said in a statement posted on Facebook that the attack on its computers took place Friday and initially prevented city workers from accepting payments and accessing vital records, including birth and death certificates. By Tuesday, the city said it still could not accept credit card payments but workers were able to access its servers and data.
Police, fire and 911 services were not affected and city officials don’t believe any credit card or personal information was compromised. City officials did not immediately reply to Tuesday messages seeking comment.
An FBI spokeswoman declined to comment on the investigation. Ransomware often spreads through emails containing malicious links or attachments or by visiting a compromised website.