Texas Rejects Cracker Ransom, Networks of 22 Cities Return to Normal
Remember the massive attack by ransomware, malware that takes a computer network system hostage, against 22 city governments (not 23 cities as previously reported) in Texas, United States?
In the latest development, the municipalities ultimately did not comply with the hackers' ransom demands, according to ZDNet, accessed Saturday (October 19, 2019).
The Texas Department of Information Resources (DIR) said that more than half of the affected municipalities had returned to normal operations, just three weeks after the incident occurred.
The coordinated attack took place on August 16, when hackers damaged the networks using the Sodinokibi (REvil) ransomware. The hackers asked for a collective ransom of US$ 2.5 million in Bitcoin from all 22 cities and districts, NPR writes.
Texas responded to the attack quickly, as Louisiana did when ransomware hit three of its schools. Louisiana, in fact, declared that incident a disaster emergency.
Texas also mobilized an emergency cyber team to deal with the infection. The Texas DIR mobilized experts from more than ten government agencies and private sector partners to help the network recover quickly.
Some cities restored their systems from data backups, while others rebuilt their networks from scratch. This is why the city governments did not need to pay a ransom.
Ransomware attacks increased in the United States during the first half of 2019. Some cities that were attacked even gave in and paid the ransom demanded by the hackers, such as Riviera City, Florida; Lake City, Florida; and Jackson County, Georgia.
Their decision to pay drew criticism from the public, especially taxpayers. An IBM survey published this week reflected this criticism: as many as 60 percent of respondents (US taxpayers) oppose municipal governments using the state budget to pay ransoms to hackers.
In contrast, 90 percent of respondents said they would support the US government increasing federal funding to improve city cyber security.
The wave of refusal is indeed reasonable: hackers can grow bolder when a number of cities give in and choose to pay.
Moreover, some insurance companies tend to advise governments to pay a ransom instead of covering the huge costs of rebuilding an IT network from scratch.
This week there was also a ransom demand of US$ 5.3 million from a hacker who sent ransomware to the Massachusetts City Government. The demand was rejected, and the city administration decided to recover from reserves despite initially being willing to pay US$ 400,000.
As a lesson for other cities, the Texas Government also laid out steps that can be applied if other cities are affected by ransomware, including:
- Only allow authentication to remote access software from inside the provider's network
- Use two-factor authentication on remote administration tools and Virtual Private Networks (VPNs) rather than Remote Desktop Protocol (RDP)
- Block incoming network traffic from Tor Exit Nodes
- Block outgoing network traffic to Pastebin
- Use Endpoint Detection and Response to detect PowerShell (PS) running unusual processes.
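
The Tor exit node and Pastebin rules in the list above can be verified against connection logs. The following is an added example, not part of the original article or of the Texas DIR guidance; the log format, the addresses (documentation ranges, not real exit nodes) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, not real Tor exits.
TOR_EXITS = """\
# constructed exit list, one address per line
203.0.113.45
198.51.100.200
"""

# Constructed log lines: timestamp direction src_ip dst_ip dst_port dst_host
SAMPLE_LOG = """\
2019-08-16T02:14:07Z IN 203.0.113.45 10.0.0.12 3389 -
2019-08-16T02:14:09Z IN 192.0.2.10 10.0.0.12 443 -
2019-08-16T02:15:31Z OUT 10.0.0.12 192.0.2.80 443 pastebin.com
2019-08-16T02:15:40Z OUT 10.0.0.12 192.0.2.81 443 raw.PASTEBIN.com.
2019-08-16T02:16:02Z OUT 10.0.0.12 192.0.2.90 443 notpastebin.com
2019-08-16T02:16:05Z OUT 10.0.0.12 198.51.100.200 443 example.org
"""

def load_exits(text):
    """Parse an exit list, skipping blank lines and comments."""
    exits = set()
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            exits.add(ipaddress.ip_address(line))
    return exits

def host_blocked(host, domains):
    """True if host is a blocked domain or one of its subdomains."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(log_text, exits, domains=("pastebin.com",)):
    """Return (timestamp, rule, detail) for connections the two rules should block."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than guess at their meaning
        ts, direction, src, dst, port, host = fields
        if direction == "IN" and ipaddress.ip_address(src) in exits:
            findings.append((ts, "tor-exit-inbound", f"{src} -> {dst}:{port}"))
        elif direction == "OUT" and host_blocked(host, domains):
            findings.append((ts, "pastebin-outbound", f"{src} -> {host}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, load_exits(TOR_EXITS)):
        print(*finding)
```

Any finding on a network where the two block rules are already deployed means a rule is missing or being bypassed. The last sample line is not flagged because the guidance covers only inbound traffic from exit nodes.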