Ransomware Attack Hits 22 Texas Towns, Authorities Say (Aug 20, 2019)
On August 16, systems of 22 Texas towns were hit by a ransomware attack. The threat actors were able to block access to the data on the town’s systems until a ransom is paid. Without stating whether the ransom was paid, the systems were recovered with the Governor designating the attack as a Level 2 Escalated Response. Little has been released about the attack, however officials state it was one single threat actor. In the days following the attack, the attackers demanded $2.5 million to provide the keys needed to decrypt the files. Other states are taking precautions in the event they are targeted to.
Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS), but as this news shows, new threats are constantly evolving to bypass these protections. Always keep your important files backed up. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.