Coordinated ransomware attack hits 22 Texas local government agencies
UPDATED: August 23rd, 2019
Target: 22 Local Texas Government Agencies
Type of Attack: Ransomware – Sodinokibi (REvil) strain
- Sodinokibi, also known as Sodin and REvil, is a new strain of ransomware-as-a-service (RaaS) that replaced the defunct GandCrab service. Since its first appearance in April 2019, it has rapidly become the 4th most common ransomware strain.
Total Estimated Cost of Attack: TBD. According to NPR, the attackers want a collective ransom of $2.5 million.
Texas state officials have confirmed that 22 Texas local government agencies were struck by a coordinated ransomware attack that began on Friday, August 16th, 2019. It has been revealed that the ransomware came from a single source, and industry experts believe the attacker used the infamous Sodinokibi (REvil) ransomware strain to gain access to its computer systems via a third-party software provider.
As of August 20th, only a quarter of the local governments have been able to at least partially restore normal operations, according to a statement from the Texas Department of Information Resources. Only 5 local governments had been publicly identified at that time, and the attack appears to have specifically targeted small towns. The City of Kaufman, Texas, announced on Facebook that they were severely affected by ransomware. “At this time, all of our computer and phone systems are down and our ability to access data, process payments, etc. is greatly limited.”
Response teams from local, state and federal agencies are currently involved in an effort to bring systems back online. The breadth of these attacks and targeting of small towns proves that ransomware attacks are no longer just a big city or a big business problem. Ransomware, identity theft, state-sponsored attacks, cloud security breaches — being a “secure” small business is a lot more complicated than it used to be.