Texas municipalities struggle to recover from ransomware attacks

Borger and Keene confirmed they are among the 22 municipalities in Texas that were hit with ransomware attacks last weekend.

“Keene is working with law enforcement to resolve a cyber incident that impacted servers statewide,” the city said on its Facebook page, explaining that online payment was down and there wouldn’t be any utility disconnections in the offing. “Our drinking water is safe,” the city added.

In Borger, the Vital Statistics department remained offline and the city said because couldn’t receive online payments for utilities or other services, it wouldn’t assess late fees or shut off services.

“This attack has impacted normal City business and financial operations and services, however, the City has implemented its continuity of operation plans and the City continues to provide basic and emergency services (Police, Fire, 9-1-1, Animal Control, Water, Wastewater and Solid Waste Collection),” the city said in a statement.

Borger, like other municipalities doesn’t know when operations will return to normal after suffering attacks beginning Friday that the Texas Department of Information Resources (DIR) believes was the work of “one single threat actor.”

Cloud Security provider Armor, which identified Borger as one of the casualties in the Texas attacks as well as Wilmer, Kaufman, Lubbock County, Grayson County and police departments in Bonham, Graham (where the ransom was $5 million) and Vernon, found that 134 organizations in the U.S. have been publicly reported as victims of ransomware this year, with municipalities making up the largest portion of those targets. Last week’s attacks bumped up Texas to the number one slot logging 30 attacks with Georgia and New York behind it with nine and eight, respectively.

Cody Brocious, hacker and head of hacker education at HackerOne contends the attacks will continue “as long as we as a society continue paying ransoms.” Municipalities and other entities should “maintain regular (offline!) bacKeenekups, keep [their] systems up to date, and don't pay ransoms,” if hit, he said.  

“At this point, it's akin to choosing not to get a flu shot; sure, if you're healthy then you're not likely to die from the flu, but you may transmit it to someone who will,” said Brocious. “Giving in to these criminals is acting against the public good, which just ends up protecting organizations from the consequences of not taking their data seriously.”

SonicWall CEO Bill Conner emphasized that “until organizations are serious about ransomware protection, these types of wide-reaching ransomware attacks will” continue.

“As we’ve witnessed across K-12 school districts and municipalities this summer, ransomware attacks are highly disruptive,” said Conner. “Today’s citizen-centric environments — networks that spread across city hall, law enforcement agencies, court houses and the DMV — can be compromised in minutes.”

Noting that “the coordinated ransomware attacks that took place across Texas are just the latest in a long string of cyberattacks against the public sector,” Arcserve CTO Oussama El-Hilali said “With this surge in cybercrime, it’s more important than ever for IT decision-makers to proactively update their disaster recovery strategies so they don’t find themselves in a similar situation.”

That preparedness seemed to save Lubbock County. “Our IT department was right on top of it,” Lubbock County judge Curtis Parrish. “They were able to get that virus isolated, contained, and dealt with in a very quick manner so it did not affect any other computers or any other computer systems here in Lubbock County.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.