Local governments in Texas continue to struggle to restore services after a coordinated ransomware attack last week, highlighting the vulnerability of government bodies to cyber attacks.

The ransomware attack, which started on Friday, was initially believed to involve 23 different local governments, now revised to 22. Specific details relating to the attack have not been disclosed by the Texas Department of Information Resources, which is coordinating the response, but some of the local governments that were attacked have gone public.

Lubbock County was one local government attacked and seemingly better prepared than others, while the City of Borger had to enact its continuity of operations plan after many of its services were crippled in the attack. Keene, the City of Kaufman and the City of Wilmer have also publicly disclosed that they were targeted in the ransomware attack. In some cases the ransom demanded is now reported to be $5 million, whereas it was previously reported that the demand was $2.5 million.

“Regardless of any money changing hands or being lost, the disruption to local authority services, which a successful attack would cause, could prove catastrophic for authorities already operating in straitened times,” Carl Wearn, head of e-crime and cyber investigation at email security firm Mimecast Services Ltd., told SiliconANGLE. “The loss of these services to the local population could have similarly tragic or far -reaching effects. The additional time and effort required to restore systems from backup is also often an additional hidden cost, which local authorities may struggle to bare.”

Joel Windels, chief marketing officer at mobile performance management company NetMotion Software Inc., put in context why ransomware attacks targeting local governments are increasing.

“After the recent Baltimore ransomware attack, two cities in Florida — Lake City and Riviera Beach — agreed to pay a total ransom of just over $1 million,” Windels said. “This has undoubtedly emboldened hackers to go after more soft targets.”

He also said more effort is needed to prevent these incidents from occurring. “While desktop computers are susceptible to attack without security updates and patches, any device that connects to public WiFi or a cellular networks is extremely vulnerable to a host of phishing schemes that can quickly result in a data breach or ransomware attack,” he said.

Oussama El-Hilali, chief technology officer at data protection firm Arcserve LLC, noted that the attacks are just the latest in a long string of cyberattacks against the public sector.

“With this surge in cybercrime, it’s more important than ever for IT decision-makers to proactively update their disaster recovery strategies so they don’t find themselves in a similar situation,” El-Hilali said. “To reverse the impact of such incidents, IT teams should have a clear picture of where data is being stored, which data and applications are most critical to operations, and how long it will take to recover them. Having multiple recovery locations, including both onsite and offsite options, is often an organization’s best bet for emerging from a ransomware incident unscathed.”

Photo: Pixabay