The coordinated ransomware attacks on 23 Texas municipalities last month demonstrate the lengths cybercriminals are willing to go to in order to attain their demanded ransom (in the case of the Texas cities, $2.5 USD). On the heels of these attacks, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs unveiled the agency’s new strategic intent document.
The document spells out how CISA will work to address the ever-growing threat of cyberattack by defining its mission and a high-level framework that will be used – a framework that includes the sharing of information between state and local agencies.
Krebs spoke to an audience at Auburn University about ransomware and how agencies should learn from the Texas attacks. “If you do pay [the ransom] you’re just incentivizing the ransomware actor to keep doing this,” he said. “It is not in the interest of your next-door neighbor or the next county to pay.”
With the Texas Department of Information Resources, DHS, and the FBI all working together to investigate the 23 attacks, evidence continues to point to a single threat actor or organization.
Both public and private sector organizations need to be mindful that coordinated attacks, and attacks that seek to engulf the entire organization (and not just a few endpoints), are both becoming the norm.
Putting proactive controls in place, such as Security Awareness Training to reduce the risk of users engaging with malicious content in email and on the web, is critical: the Texas attacks demonstrate that the damage done by a single attack can be business-altering.