Over the weekend, multiple news outlets reported that 23 local governments in Texas were hit with what appeared to be coordinated ransomware attacks.
Greg White is the director of the Center for Infrastructure Assurance and Security at the University Of Texas at San Antonio. He says it’s likely that someone who worked for each of the affected governments “clicked on something they shouldn’t have, or went to a location that they shouldn’t have, and had some malicious software installed on their system.”
Those erroneous clicks give attackers access to the network, at which point they encrypt the organization’s data, making it unavailable to the local government. From there, attackers demand a ransom to access to the data.
White says there isn’t much a ransomware victim can do once an attack has occurred.
“The best thing that you can do is to avoid the situation in the first place,” White says.
To prevent successful ransomware attacks, governments and businesses should train employees not to click on unknown links or files. And the organization should maintain backups of all data. And those backups should be kept off the network.
“One of the things the criminal will do is search for backups,” White says. “And if they can encrypt the backups and your [data] then they’ve got everything.”
White says some victims of ransomware pay up, while others, often with a backup, don’t.
“Ransomeware used to be a personal thing. … It’s now becoming more of a government kind of thing, going after government or industry,” White says.
The Department of Information Resources, or DIR, is the state agency charged with coordinating prevention and response efforts to cyberattacks. White says a new agreement will create an information-sharing and analysis organization that DIR and UT-San Antonio will run.
“The idea is to create a central entity that people can report to, that can help people before an event, and that will be able to help folks in case of an event,” White says.
White says that had the new information-sharing group been in place, it might have been possible to prevent an attack like the one over the weekend. He says legislation that would have helped communities with cyberthreats didn’t get needed funding.
“This is what we at UTSA have been working on for years, is to try to help communities,” White says.
Written by Shelly Brisbin.