In the early morning of Friday August 16th 2019, hackers managed to infiltrate the networks of 22 local government organisations in Texas via a third-party services provider, planting ransomware that encrypted data and disrupting business-critical services.
The hackers’ demand? A cool $2.5 million for the decryption keys to unlock the data.
But Texas decided to do something different from the other states hit by ransomware: they didn’t pay up.
As the Texas Department of Information Resources (DIR) has announced on its website, “more than half of the impacted entities are back to operations as usual.”
The DIR statement makes clear that it decided to clean up the infections for itself, and rebuild systems and restore data from secure backups, rather than put any cash into the pockets of the criminals who attacked its systems:
“Through the dedication and vision of the Office of the Chief Information Security Officer at the Texas Department of Information Resources, a response plan was in place and ready to be put into action immediately. Within hours of receiving notice of the event, state and federal teams were executing the plan and in the field at the most critically impacted sites to begin eradicating the malware and assessing impact to systems. By day four, response teams had visited all impacted sites and state response work had been completed at more than 25% of those sites. One week after the attack began, all sites were cleared for remediation and recovery.”
This is all very impressive, of course, but chances are that the clean-up and recovery – combined with the disruption to normal services – have actually cost more money than it would have cost to pay the cybercriminals who were holding the data to ransom. And that cost is likely to be passed on to taxpayers ultimately.
Nonetheless, I applaud the Texas DIR for making the decision it did. Although it may have cost them more to recover from the ransomware attack than paying the ransom, in the long term a refusal to pay extortionists will help to discourage future attacks. After all, if victims won’t pay up – what’s the point?
To learn more about the ransomware attacks hitting US states, be sure to listen to this episode of the “Smashing Security” podcast with special guest Jack Rhysider from “Darknet Diaries”, recorded shortly after the Texas attack.