Are cities ready to do anything about this yet? New ransomware strike kicks 23 Texas agencies offline.
That’s the regular media article, so it contains virtually no technical info. But that’s the state of the regular media. Well, almost at the end of the article, they do quote ZDNet in mentioning the Sodinokibi ransomware, also known as REvil.
So let’s look at ZDNet: Over 20 Texas local governments hit in ‘coordinated ransomware attack’
The attack took place on Friday morning, August 16, US time, when several smaller local Texas governments reported problems with accessing their data to the Texas Department of Information Resources (DIR).
Texas does have a statewide office for dealing with this crap, so at least there is someone for the impacted cities to call, but being hit by 23 cities at one time is going to stretch their resources. (That’s a guess on my part BTW.) And in a statement that surprises no one, this is all the result of a single bad person or group.
There are some indications that the OSTAP Trojan is how this thing moved around in the networks.
UPDATE: Lubbock County was also targeted, but was able to contain the ransomware fairly early on, and was not impacted. The Texas DIR reports that about one quarter of the towns hit in this attack have been able to resume operations. Via Ars Technica.
I am still trying to find some info on how this attack got into 20-plus cities/counties at the same time. At a guess, I would say phishing. The bad guys formulated an email pretending to be from someone that people working for cities and counties in Texas would trust. (Someone from the state, or an association of mayors or something.) And they were in with either TrickBot or the OSTAP Trojan. (Both of those are often found together.) But the FBI likes to limit any information coming out while they investigate, though most of the “press people” from the cities wouldn’t understand the technical side of things, even if the DIR/Tech support folks had time to brief them.