Texas Municipality ransomware attack (2019): Difference between revisions

{| class="wikitable"

! scope="row"|Date

|16 August 2019<ref>Alina Georgiana Petcu, [https://heimdalsecurity.com/blog/texas-ransomware-attack/ 'An Overview of the Texas Ransomware Attack and What You Can Learn from It'] ''Heimdal Security'' (11 December 2020)</ref>

|-

! scope="row"|Suspected actor

|REvil<ref>[https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/texas-municipalities-hit-by-revil-sodinokibi-paid-no-ransom-over-half-resume-operations 'Texas Municipalities Hit by REvil/Sodinokibi Paid No Ransom, Over Half Resume Operations'] ''Trend Micro'' (10 September 2019)</ref> (i.e., Ransomware Evil<ref>Lucian Constantin, 'REvil ransomware explained: A widespread extortion operation' ''CSO'' (17 November 2020)</ref>), also known as Sodinokibi, a ransomware-as-a-service group<ref>Singapore Computer Emergency Response Team, [https://www.csa.gov.sg/singcert/publications/revil-unravelled 'Revil Unravelled'] (1 September 2020)</ref>

|-

! scope="row"|Target

|22<ref>Bobby Allyn, [https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault “22 Texas Towns Hit With Ransomware Attack In 'New Front' Of Cyberassault”], 20 August 2019.</ref> or 23<ref>[https://www.bbc.com/news/technology-49393479 'Texas government organisations hit by ransomware attack'] ''BBC News'' (19 August 2019)</ref> small towns in Texas, U.S.

|-

! scope="row"|Method

|Targeting shared service providers of multiple municipalities<ref name=":Tex2">Manny Fernandez, Mihir Zaveri and Emily S. Rueb, [https://www.nytimes.com/2019/08/20/us/texas-ransomware.html “Ransomware Attack Hits 22 Texas Towns, Authorities Say”], 20 August 2019. </ref>

|-

! scope="row"|Purpose

|Unclear.

|-

! scope="row"|Result

|More than 40 municipalities have been targeted by ransomware attacks over the summer of 2019.<ref>Niraj Chokshi, [https://www.nytimes.com/2019/05/22/us/baltimore-ransomware.html “Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next”], 22 May 2019.</ref> The attack on Texas municipalities, however, has been described as the most coordinated attack among all of them.<ref name=":Tex2" /> As a result of the attack, city workers were unable to accept payments and to access vital records, including birth and death certificates.<ref>Kathleen Foody and Jake Bleiberg, AP, [https://cbsaustin.com/news/local/ransomware-attack-hits-more-than-20-texas-local-governments “Ransomware attack hits more than 20 Texas local governments”], 20 August 2019. </ref>

|-

! scope="row"|Aftermath

|The Texas Department of Information Resources (DIR) has led the response to this ransomware attack and the Federal Bureau of Investigations (FBI) initiated investigations into the origin of the attack.<ref name=":Tex3">Texas Department of Information Resources, [https://dir.texas.gov/View-About-DIR/Article-Detail.aspx?id=209 “Update on the August 2019 Texas Cyber Incident”], 20 August 2019.</ref> Immediately after the attack, the municipalities were assisted by numerous federal and state agencies, including the Federal Emergency Management Agency, the Department of Homeland Security, Texas A&M’s Information Technology and Electronic Crime Unit and the Texas Military Department.<ref name=":Tex1">Kate Fazzini, [https://www.cnbc.com/2019/08/19/alarm-in-texas-as-23-towns-hit-by-coordinated-ransomware-attack.html “Alarm in Texas as 23 towns hit by ‘coordinated’ ransomware attack”], 19 August 2019.</ref>

|-

! scope="row"|Analysed in

|[[Scenario 14: Ransomware campaign]]

|}

Collected by: [[People#Research_assistants|Nele Achten]]

[[Category:Example]]

[[Category:2019]]

[[Category:Ransomware]]

<references />