PortandTerminal.com, August 18, 2019
Hackers breach 20 Texas government agencies in ransomware cyber attack. Latest attack recalls the Port of San Diego ransomware attack in 2018.
HOUSTON – At least 20 state entities have been affected by a ransomware attack, according to the Texas Department of Information Resources.
The Department of Information Resources is deploying resources to the areas that have been most critically affected, officials said. It was not immediately clear which agencies were affected; state officials could not be immediately reached for comment.
The following agencies are also assisting in the response: the Texas Division of Emergency Management, the Texas Military Department and the Texas A&M University System’s Cyber-response and Security Operations Center.
Ransomware attacks 101
Ransomware is defined by the Department of Homeland Security as “a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.”
According to reporting by Newsweek, hackers have in recent years adopted ransomware attacks as a preferred extortion method, especially among municipal entities. By planting malicious code inside agencies’ information systems, digital intruders are able to exploit relatively unsophisticated or out-of-date cyberdefenses and inhibit computer access, the magazine said.
Affected users are then asked to pay a ransom — almost always in mostly untraceable bitcoin — to regain control of their systems. However, whether Texas officials had been asked to do so remains unknown.
Attacks on city infrastructure often have widespread collateral damage as they can freeze public services used by millions of people.
Port of San Diego ransomware attack in 2018
On September 25th, 2018, the Port of San Diego fell victim to a major cyberattack that is now believed to have originated in Iran. The type of ransomware used by the attackers is called “SamSam”.
SamSam specializes in targeted ransomware attacks, breaking into networks and encrypting multiple computers across an organization before issuing a high-value ransom demand.
As the attack unfolded on September 25th, port officials started receiving information that employees’ files were locking and they were seeing messages demanding Bitcoin as a ransom to unlock them. Fortunately, the attack was mostly limited to administration departments and normal Port operations were able to continue as usual.
During the attack, port administration operations such as payroll and public records requests were severely compromised.
Ironically, the attack in San Diego came while port officials were in the middle of deploying upgrades to their cybersecurity systems. Port officials have declined to estimate how much mitigation of damage and expense could have been achieved if those upgrades had already been completed when the attack occurred. Port officials and employees at San Diego have, though, been widely praised for the “above and beyond” efforts that they put in to minimize the impact of the attack on the port's stakeholders.