A financially motivated ransomware gang hit 23 local governments in Texas in a coordinated attack. Ransomware is a type of malicious software, often delivered via email or drive-by web downloads, that locks up an organization’s systems until a ransom is paid or files are recovered by other means such as backup restoration. This most recent Texas offensive follows attacks in New York, Louisiana, Maryland, and Florida that resulted in significant financial losses, decreased productivity, and downtime of services to citizens.
Local governments are prime targets due to their decentralized organizational structures, relatively small IT and security teams compared to commercial organizations, and a responsibility to maintain uptime for local services like licensing, zoning, and permitting. Digital transformation and eGovernment initiatives, along with always-on devices, has also expanded the available attack surface for hackers to exploit. Traditional anti-virus tools are insufficient to protect against today’s coordinated and morphing cybersecurity attacks. Many local governments are under the impression that they need to invest heavily in software, staff, and go it alone. Managed security service providers have changed the security landscape by providing SOC-as-a-Service via a co-managed SIEM (Security Information and Event Management) platform with integrated EDR (Endpoint Detection and Response) driven by a 24/7 SOC (Security Operations Center).
While specific tactics, techniques, and procedures (TTPs) are still unfolding, common elements believed present across these statewide cybersecurity attacks include:
Texas prepared for possible large-scale cybersecurity incidents with statewide cybersecurity resources such as the Department of Emergency Management and the implementation of a four-step protocol. State and local agencies within Texas are also assisting with the cyber response that is one step below the highest level of alert or “emergency.” Response and recovery are currently the top priorities for these smaller towns, according to the Texas Department of Information Resources (DIR).
SOC-as-a-Service (SOCaaS) allows any organization, even small cities, to employ powerful ransomware protection without additional staff or expensive capital outlay.
Aaron Branson, Senior Vice President, Marketing
Netsurion
There are several steps that local, county, and state governments can take to block against ransomware attacks. Sophisticated threats necessitate advanced threat detection and remediation. Ransomware best practices include:
Local, county, and state governments protect sensitive systems and data and augment existing IT teams with managed services such as SIEM, EDR, and a 24/7 SOC. Local governments in Texas and across the U.S. who thus far have escaped attack can utilize proactive threat detection and response efforts to enhance their security toolkit. Our SOC-as-a-Service (SOCaaS) has caught many such attacks on government agencies to keep them out of the headlines and away from ransomware payments. Read case examples from government and enterprise organizations to learn about EventTracker in action.
We’ve expanded our MDR capabilities with enhanced incident response and security services to better protect against evolving cyber threats.