
True North Networks Blog

MSP Responsible for 22 Texas Cities Ransomware


The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says.

New details from the Department of Information Resources (DIR) put the number of victims at 22, with evidence pointing to a single party responsible for the attacks.

Steady recovery

Things appear to be on the right track, as some entities have already resumed normal activity, DIR says in an update on the situation. More than 25% of the victims have moved from the response and assessment stage to remediation and recovery.

The names of all the municipalities impacted by the attack remain undisclosed, but two of them announced the hit publicly.

The City of Borger issued a statement saying that the incident impacted its financial operations and services. The city cannot accept utility or other payments and Vital Statistics services (birth and death certificates) are offline.

Keene is another city affected by this ransomware attack. This administration, too, cannot process card payments or utility disconnections.

Keene Mayor Gary Heinrich said that the threat actor demanded $2.5 million in exchange for the key that decrypts the locked files.

MSP is the common denominator

Heinrich told NPR that the threat actor deployed the ransomware through the software from the managed service provider (MSP) used by the administration for technical support.

MSPs are a convenient solution for entities that cannot manage the IT infrastructure themselves. This would not be unusual with smaller local governments that may lack qualified staff for this type of task.

An external company providing this service typically uses software that allows remote access to a client's network. This way, the MSP can monitor the activity and fix problems, as well as install system updates or applications.

According to Heinrich, the City of Keene uses the same external company that provides IT support services to many of the other impacted municipalities.

MSPs have become a frequent target for ransomware operators, as a successful compromise offers access to multiple clients.


