Texas Municipality ransomware attack (2019): Difference between revisions
Jump to navigation
Jump to search
Content added Content deleted
(adding ransomware as a category) |
(edits by D.C.) |
||
Line 1: | Line 1: | ||
{| class="wikitable" |
{| class="wikitable" |
||
! scope="row"|Date |
! scope="row"|Date |
||
| |
|16 August 2019<ref>Alina Georgiana Petcu, [https://heimdalsecurity.com/blog/texas-ransomware-attack/ 'An Overview of the Texas Ransomware Attack and What You Can Learn from It'] ''Heimdal Security'' (11 December 2020)</ref> |
||
|- |
|- |
||
! scope="row"|Suspected actor |
! scope="row"|Suspected actor |
||
|REvil<ref>[https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/texas-municipalities-hit-by-revil-sodinokibi-paid-no-ransom-over-half-resume-operations 'Texas Municipalities Hit by REvil/Sodinokibi Paid No Ransom, Over Half Resume Operations'] ''Trend Micro'' (10 September 2019)</ref> (i.e., Ransomware Evil<ref>Lucian Constantin, 'REvil ransomware explained: A widespread extortion operation' ''CSO'' (17 November 2020)</ref>), also known as Sodinokibi, a ransomware-as-a-service group<ref>Singapore Computer Emergency Response Team, [https://www.csa.gov.sg/singcert/publications/revil-unravelled 'Revil Unravelled'] (1 September 2020)</ref> |
|||
|Unclear<ref name=":Tex2">Manny Fernandez, Mihir Zaveri and Emily S. Rueb, [https://www.nytimes.com/2019/08/20/us/texas-ransomware.html “Ransomware Attack Hits 22 Texas Towns, Authorities Say”], 20 August 2019. </ref>, most likely a single threat actor.<ref name=":Tex3">Texas Department of Information Resources, [https://dir.texas.gov/View-About-DIR/Article-Detail.aspx?id=209 “Update on the August 2019 Texas Cyber Incident”], 20 August 2019.</ref> |
|||
|- |
|- |
||
! scope="row"|Target |
! scope="row"|Target |
||
|22 |
|22<ref>Bobby Allyn, [https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault “22 Texas Towns Hit With Ransomware Attack In 'New Front' Of Cyberassault”], 20 August 2019.</ref> or 23<ref>[https://www.bbc.com/news/technology-49393479 'Texas government organisations hit by ransomware attack'] ''BBC News'' (19 August 2019)</ref> small towns in Texas, U.S. |
||
|- |
|- |
||
! scope="row"|Method |
! scope="row"|Method |
||
|Targeting shared service providers of multiple municipalities<ref name=":Tex2" /> |
|Targeting shared service providers of multiple municipalities<ref name=":Tex2">Manny Fernandez, Mihir Zaveri and Emily S. Rueb, [https://www.nytimes.com/2019/08/20/us/texas-ransomware.html “Ransomware Attack Hits 22 Texas Towns, Authorities Say”], 20 August 2019. </ref> |
||
|- |
|- |
||
! scope="row"|Purpose |
! scope="row"|Purpose |
||
Line 19: | Line 19: | ||
|- |
|- |
||
! scope="row"|Aftermath |
! scope="row"|Aftermath |
||
|The Texas Department of Information Resources (DIR) has led the response to this ransomware attack and the Federal Bureau of Investigations (FBI) initiated investigations into the origin of the attack.<ref name=":Tex3" /> Immediately after the attack, the municipalities were assisted by numerous federal and state agencies, including the Federal Emergency Management Agency, the Department of Homeland Security, Texas A&M’s Information Technology and Electronic Crime Unit and the Texas Military Department.<ref name=":Tex1" /> |
|The Texas Department of Information Resources (DIR) has led the response to this ransomware attack and the Federal Bureau of Investigations (FBI) initiated investigations into the origin of the attack.<ref name=":Tex3">Texas Department of Information Resources, [https://dir.texas.gov/View-About-DIR/Article-Detail.aspx?id=209 “Update on the August 2019 Texas Cyber Incident”], 20 August 2019.</ref> Immediately after the attack, the municipalities were assisted by numerous federal and state agencies, including the Federal Emergency Management Agency, the Department of Homeland Security, Texas A&M’s Information Technology and Electronic Crime Unit and the Texas Military Department.<ref name=":Tex1">Kate Fazzini, [https://www.cnbc.com/2019/08/19/alarm-in-texas-as-23-towns-hit-by-coordinated-ransomware-attack.html “Alarm in Texas as 23 towns hit by ‘coordinated’ ransomware attack”], 19 August 2019.</ref> |
||
|- |
|- |
||
! scope="row"|Analysed in |
! scope="row"|Analysed in |
||
Line 30: | Line 30: | ||
[[Category:2019]] |
[[Category:2019]] |
||
[[Category:Ransomware]] |
[[Category:Ransomware]] |
||
<references /> |
Latest revision as of 14:54, 22 July 2021
Date | 16 August 2019[1] |
---|---|
Suspected actor | REvil[2] (i.e., Ransomware Evil[3]), also known as Sodinokibi, a ransomware-as-a-service group[4] |
Target | 22[5] or 23[6] small towns in Texas, U.S. |
Method | Targeting shared service providers of multiple municipalities[7] |
Purpose | Unclear. |
Result | More than 40 municipalities have been targeted by ransomware attacks over the summer of 2019.[8] The attack on Texas municipalities, however, has been described as the most coordinated attack among all of them.[7] As a result of the attack, city workers were unable to accept payments and to access vital records, including birth and death certificates.[9] |
Aftermath | The Texas Department of Information Resources (DIR) has led the response to this ransomware attack and the Federal Bureau of Investigations (FBI) initiated investigations into the origin of the attack.[10] Immediately after the attack, the municipalities were assisted by numerous federal and state agencies, including the Federal Emergency Management Agency, the Department of Homeland Security, Texas A&M’s Information Technology and Electronic Crime Unit and the Texas Military Department.[11] |
Analysed in | Scenario 14: Ransomware campaign |
Collected by: Nele Achten
- ↑ Alina Georgiana Petcu, 'An Overview of the Texas Ransomware Attack and What You Can Learn from It' Heimdal Security (11 December 2020)
- ↑ 'Texas Municipalities Hit by REvil/Sodinokibi Paid No Ransom, Over Half Resume Operations' Trend Micro (10 September 2019)
- ↑ Lucian Constantin, 'REvil ransomware explained: A widespread extortion operation' CSO (17 November 2020)
- ↑ Singapore Computer Emergency Response Team, 'Revil Unravelled' (1 September 2020)
- ↑ Bobby Allyn, “22 Texas Towns Hit With Ransomware Attack In 'New Front' Of Cyberassault”, 20 August 2019.
- ↑ 'Texas government organisations hit by ransomware attack' BBC News (19 August 2019)
- ↑ 7.0 7.1 Manny Fernandez, Mihir Zaveri and Emily S. Rueb, “Ransomware Attack Hits 22 Texas Towns, Authorities Say”, 20 August 2019.
- ↑ Niraj Chokshi, “Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next”, 22 May 2019.
- ↑ Kathleen Foody and Jake Bleiberg, AP, “Ransomware attack hits more than 20 Texas local governments”, 20 August 2019.
- ↑ Texas Department of Information Resources, “Update on the August 2019 Texas Cyber Incident”, 20 August 2019.
- ↑ Kate Fazzini, “Alarm in Texas as 23 towns hit by ‘coordinated’ ransomware attack”, 19 August 2019.