Texas Cities Rebounding From Ransomware Attack



Connecting state and local government leaders

Local governments have credited data backups and cyber security policies with the quick recovery and say cyber insurance will help recoup recovery-related costs.

Government operations are returning to normal in Texas cities hit with ransomware cyberattacks earlier this month, even as federal and state authorities continue to investigate the coordinated attacks.

Municipal officials in some of the affected cities are crediting data backup and retention practices for the relatively quick resumption of city services and say cyber insurance will help cover the costs of restoration.

State authorities have said little about the cyberattacks, which struck 22 municipal governments on August 16 and are believed to have been launched by a single entity. 

In Bonham, a 10,000-person town north of Dallas, the police department lost access to administrative forms and files when the vendor that runs its information technology department was hacked and the culprits encrypted the material. Because of the attack, the department had to use paper forms for a short period of time but police functions are now about 95% back to normal, said Capt. Wendell Bockman. The city has been able to decrypt all but one file and it lost a month’s worth of data that was not backed up, Bockman said.  

“This has raised some awareness as far as what we need to do in the future as far as upgraded security and more incremental backups,” Bockman said.

State officials have estimated that ransomware attacks could cost Texas city and county governments and education systems more than $7 million this year.

The Texas Department of Information Resources, which is overseeing the response, has not publicly named the local governments targeted nor the method used against them. While at least nine governments have been publicly identified as victims of the attack, the extent of the damage among others is not known. Some of the affected cities confirmed that they have their own information technology departments while others outsource the responsibilities to third-party vendors.

In the city of Borger, home to 13,000 people in north Texas, fast action by the city’s own IT department is credited for isolating and minimizing the potential damage. Implementation of the city’s safety protocols as soon as the ransomware was discovered “dramatically reduced the potential widespread encryption and allowed for the recovery of numerous records and documents,” said city spokeswoman Marisa Montoya.

“Critical systems such as 911, public safety radio, emergency operations center, and many other essential services were isolated from the attack and have remained fully functional throughout the event,” she said in a written statement.

The recovery progress that has been disclosed thus far in Texas stands in stark contrast to events in Baltimore, where hackers infiltrated the city’s computer systems and shut down the majority of its servers. Hackers demanded thousands of dollars to release control of the servers, but city officials balked. The city is still reeling from the May cyberattack and the estimated cost of the city’s recovery now totals $18.2 million. Meanwhile, city officials are now considering purchasing cyber insurance to protect against exorbitant costs associated with future attacks.

An increasing number of governments are purchasing cyber insurance. The percent of chief information officers who report that their state has purchased cyber insurance grew from 20- percent in 2015 to 42 percent in 2018, according to a survey by the National Association of State Chief Information Officers.

But some say the reliance on insurance is only making matters worse.

If more organizations use cyber insurance to pay ransom requests, hackers may feel emboldened Texas DIR officials said in a recent webinar on ransomware. The ransoms demanded by attackers is already on the rise, they added.

“With the insurance being in play, they believe they can extract from their victims a lot easier and the paydays are bigger,” said Danny Miller, the chief information security officer for Texas A&M University System.

In Kaufman, Texas, a 6,500-person town south of Dallas, the police department and business services were hit by this month’s attack.

City Manager Michael Slye said citizens’ private data was not compromised, but officials lost access to forms and documents needed to complete everyday tasks. The city outsources its information technology needs to a vendor, but also keeps separate backups of important data which helped the city get back up and running.

“We had the foresight to have all business applications backed up daily offsite,” Slye said. “They were able to come in with an emergency standalone server.”

Kaufman is one of several Texas cities that purchases cyber insurance through the Texas Municipal League, and Slye said that should cover the costs of the restoration efforts.

“I’m very confident that when it’s all said and done we will be made whole,” he said.

Andrea Noble is a staff correspondent with Route Fifty.

NEXT STORY: City Sued Over Sidewalk Accessibility for People With Disabilities