“Attacks came from one single threat actor.”
More than 23 local government agencies in the American state of Texas are subject to a ransomware attack which began over the weekend and continues into the week.
The attack was detected last Friday morning when several agencies noticed that they were unable to access data connected to the Texas Department of Information Resources (DIR).
The attack on the US government departments appears to be a coordinated attack originating from a single threat group, as the DIR commented in a statement: “At this time, the evidence gathered indicates the attacks came from one single threat actor.”
Due to security concerns and the fact that these incidents are now subject to a federal investigation, the Texas state department has not named the agencies impacted by the hack.
The DIR commented that State of Texas systems and networks are not affected and that, with regard to the agencies involved: “Responders are actively working with these entities to bring their systems back online.”
Ransomware against US government sectors is becoming a frequent occurrence; recently New York, Tennessee and Georgia all reported cyber security incidents during which hackers targeted US government agencies in a bid to ransom money from state boards.
Ransomware on the Rise
Recently, a report from IBM’s X-Force IRIS incident response team noted that a single destructive malware cyberattack can destroy over 12,000 devices in one attack and cost an organisation more than £164 million. They found that ransomware attacks are on the rise and over half now target the manufacturing industry.
In its report IBM stated that: “Destructive malware that disables access to data or destroys system functions has been expanding across geographies and industries over the past few years. Organizations previously thought safe from this form of cyber aggression increasingly find themselves affected.
“Historically, destructive malware such as Stuxnet, Shamoon, and Dark Seoul, was primarily used by nation-state actors. However, especially since late 2018, cybercriminals have been incorporating wiper elements into their attacks, such as with new strains of ransomware like LockerGoga and MegaCortex.”