‘Holy moly!’: Inside Texas’ battle against a ransomware attack


DALLAS (AP) — It was a steamy Friday two Augusts ago when Jason Whisler settled in for a working breakfast at the Coffee Ranch restaurant in the Texas Panhandle city of Borger. The most pressing agenda item for city officials like him that morning: planning a country concert and anniversary event.

Then Whisler’s phone rang. Borger’s computer system had been hacked.

Workers were locked out of files. Printers spewed out demands for money. For the next few days, residents couldn’t pay their water bills, the government couldn’t print checks, and police officers couldn’t get certain records. Similar scenes occurred in nearly two dozen communities across Texas that were hit by a cyberattack that officials linked to a Russia-based crime syndicate.

In 2019, ransomware had yet to emerge as one of the biggest challenges facing the United States. But the attacks in Texas were a harbinger of the now exploding threat, providing a case study of what happens behind the scenes when victims are attacked.

According to thousands of pages of documents reviewed by the Associated Press and interviews with people involved in the response, Texas communities struggled for days with cuts in government services, as workers in small cities and towns endured consecutive frustrations from the cyberattack. The AP also learned new details about the extent of the attack and its victims, including an Air Force base where access to a law enforcement database was affected, and a city that had to manually operate its water supply system.

Recent ransomware attacks have led to fuel shortages and threatened the meat supply. However, unlike the cases that have come to the fore recently, the Texas attacks, which were resolved without a ransom payment, make it clear that ransomware doesn’t need to hit vital infrastructure or large corporations to disrupt daily life.

“It was just a frightening feeling,” said Whisler, Borger’s emergency management coordinator.

Early on August 16, with most Texans still asleep, hackers half a world away were breaking into networks.

As the impact of the attack unfolded, Vernon’s city manager emailed his colleagues and said the city could get back online by paying a $2.5 million ransom, but that was “clearly” not the plan.

“Holy moly!!!!” came the reply.

The criminals were tied to the Russia-linked syndicate REvil, which extorted $11 million from meat processor JBS last spring and was more recently behind a July Fourth weekend attack that crippled businesses around the world.

The August 2019 hackers began with an attack on TSM Consulting Services, a Texas firm that provides technology services to local governments. The attackers then branched out through screen-sharing and remote-management software to take control of the networks of some of the company’s customers.

Within hours, state and federal officials had piled into an underground operations center normally used for disasters like hurricanes and floods. Governor Greg Abbott declared a cyber disaster. Texas National Guard cyber experts took action.

“Basically, if there was a municipal function where you would go to city hall or trust the police department, it didn’t exist,” said Andy Bennett, the state’s deputy chief of information security at the time.

In Borger, a city of fewer than 13,000 people, ransom demands spewed from printers and flashed on some computer screens. City manager Garrett Spradling said government files were encrypted, with their names replaced with meaningless combinations of letters and symbols.

Vital records such as birth and death certificates were offline. A sign hung in a front window of city hall said the city was unable to process water bill payments, but that cutoffs would be delayed.

Because the city paid for remote backup, Borger could reformat servers, reinstall the operating system, and retrieve data. Spradling said the police department stores its data locally and officers cannot access previous incident reports.

Jeremy Sereno was working at his civilian job at Dell when he was enlisted for government relief. Sereno, a lieutenant colonel and senior cybersecurity officer in the Texas Military Department, helped deploy Texas National Guard troops to hacked cities, where experts worked to assess damage, restore data from backed-up files, and regain control of locked systems.

One of the first areas of concern was a small North Texas city. Sereno said the attack locked workers out of the “human-machine interface” used to control the water supply, forcing the system to be operated manually. Water purity was not compromised.

“This is what is considered critical infrastructure when you talk about water,” he said.

The AP is not identifying the city, at the urging of state officials who said doing so could invite new attacks on the water system.

In Graham, ransomware hit a police server hosting body camera videos, causing hundreds of them to be lost. Chief Brent Bullock said officers had to rely on requests to dispatchers at a local sheriff’s office that was unaffected by the attack, rather than using mobile data terminals to check on people they encountered.

The impact was not limited to local governments. Sheppard Air Force Base confirmed to the AP that its access to a statewide law enforcement database used for background checks was temporarily interrupted.

One complication: Officials said TSM’s client list was encrypted. State officials did not immediately understand which communities were being victimized.

Nancy Rainosek, Texas’ chief information security officer, said they had to call them. “There was a place we contacted and they said ‘no, we weren’t shot.’” Days later they said, “Yes, we were.”

Fortunately for Borger, most city services were restored within days. The city has since invested in additional cybersecurity protections.

“When you complain that you have to change your passwords, you complain a lot more when it never happens to you and you have nothing to do with it,” Spradling said. “After having to answer the phone and tell 300 people they can’t pay the water bill, you tend to complain a little less.”

Spradling said that even now the authorities will go to get an old report or address record and realize that it is not there.


Copyright © 2021 Washington Times, LLC.

