The problems started last Friday, the 16th of August. A level two emergency was activated in the North American state.
The computer systems of more than twenty local governments and small cities in the North American state of Texas were hit by a ransomware attack that blocked access to the services of multiple organizations for four days. In this type of attack, a ransom is demanded to restore access to the information or the systems.
In an announcement published on social media, the Texas Department of Information Resources (DIR) says that the problems began on the morning of last Friday, and it looks like they all have the same source.
For now, there is no specific information about the entities hit by the attack, the ransom amount demanded, or the specific method used to launch the attack. “We can’t comment about the actual incident in Texas because there is a federal investigation in progress”, explained Elliot Sprehe, a DIR spokesman, in response to questions from PÚBLICO. The only information available is that, at the beginning of the week, the number of affected entities had been reduced to 22, and that the computer systems of small local governments were the most affected.
Still on Friday, Governor Greg Abbott classified the incident as a “level two response”. This means that “the normal operations of the State and the local governments can be affected” and that “the level of emergency expanded beyond what can be solved by local aid services”, according to the Texas manual for emergency situations. This is the third step of the Texas protocol for emergency situations, which has four levels (level one corresponds to the most severe type of incident). Usually, it is activated during extreme weather events (for example, a flood or a tornado) or medical emergencies.
The Texas Military Department, the US Department of Homeland Security, and the cybersecurity section of the FBI are some of the organizations participating in the investigations. Various cybersecurity professionals were sent to the affected areas to assess the damage and help the local governments bring their online services back up.
Although there is no precise information about the source of the Texas attack, ransomware attacks are associated with social engineering schemes, in which the attackers use fake emails (for example, in the name of a bank, a social network, or another trustworthy entity) to get someone to open a malicious link or load an infected file.
Attacks capable of bringing entire cities to a halt have been growing in number. In March 2018, the computers and servers of the municipal authorities of Atlanta, in the USA, were also victims of a ransomware attack that blocked access to various apps and services, such as tax payment or access to Wi-Fi at the airport. More recently, in May of this year, criminals blocked access to part of the computer systems that serve the Baltimore government, in the state of Maryland, USA, delaying the delivery of electricity bills and making it difficult for the health authorities to send out alerts.
In July, more than 227 US mayors signed an agreement to refuse to pay the ransoms demanded by cybercriminals to restore access to computer systems. Since the beginning of the year, 23 cyberattacks (including one this week, in Texas) have been recorded against cities, counties and local governments.
We also know of ransomware attacks on a global scale. One is the WannaCry case, a malicious program that in 2017 spread to companies and public entities in various countries (including Portugal), encrypting files and demanding a ransom in virtual currency to restore the functioning of the affected computers. In the UK, the situation forced various hospitals to transfer patients after their computers were infected.
In a press release about the recent attack, the Texas Department of Information Resources warns Internet users to be careful about opening documents attached to messages from organizations or unknown people, to keep their antivirus software updated, and to enable multi-factor authentication (for example, having to enter a code that you receive on your mobile phone in addition to a password to access a certain service).
Originally published in Portuguese in Público on the 21st of August 2019 by Karla Pequenino