Posted by: Heather Toll on August 23, 2019 at 8:00 am
Twenty-two towns in Texas were hit by ransomware last week, according to the Texas Department of Information Resources (DIR). That’s surprising enough. But the really scary bit is that they were all hit at the same time.
A couple of factors can cause this kind of simultaneous attack. Online technical magazine ZDNet identified the culprit as Sodinokibi (REvil), a well-known strain of ransomware-for-hire. So, for one thing, the virus involved may have been deployed specifically by a single criminal against the 22 towns.
Another source could be just as unnerving: the towns’ outsourced IT provider may have been hacked as well. In fact, that seems to be the case in this attack.
On Wednesday of this week (August 21), NPR interviewed the mayor of one of the affected cities. Gary Heinrich, mayor of Keene, Texas, revealed that the attack came via an outsourced IT company used by many of the towns.
“They got into our software provider, the guys who run our IT systems,” Heinrich says in the article. “A lot of folks in Texas use providers to do that, because we don’t have a staff big enough to have IT in house.”
Hackers increasingly attack MSPs because of the data-sensitive nature of our work, as well as the access they have to multiple clients. While the benefits of outsourced IT outweigh the risks to small business owners, it is vitally important to choose a company with an excellent track record and reputation.
Not all is terrible in Texas, however. The state’s response to the attack has been nothing short of impressive.
Consider the timeline. On Friday, August 16, several locations reported difficulty accessing data and contacted DIR. By 5:00 PM, local time, the department determined that the attacks came from a single threat vector. More than 10 cybersecurity entities are working together to counteract and mitigate the attack. By Tuesday, August 30, normal operations already resumed at several of the affected towns.
Hackers demanded $2.5 million to restore the encrypted data. They probably won’t see a dime of that. In fact, the FBI strongly recommends never paying for ransomware if at all possible.
We’re confident in our abilities here at TAZ Networks, but only a foolish MSP or other outsourced IT provider would claim invulnerability. We strive for solutions that improve data security for our clients… but for our own company as well. After all, protecting our clients is why we’re here.