Texas local authorities recovering from mass ransomware hit

Local governments in Texas say they are on the mend after a large-scale coordinated devastating ransomware attack that hit 23 municipal agencies in the American state.

Around August 16, United States time, malicous software was disseminated through an unnamed managed services provider that was compromised.

In an update, the Texas Department of Information Resources, said that two weeks later, more than half of the local governments have recovered from the ransomware attack.

The ransomware attack caused widespread disruption in the state of Texas.

One local authority, the city of Borger, said it could not process payments for any services after the ransomware attack.

Other local governments also had to tell their constituents that services were disrupted and had to be performed manually.

US media reported that the ransomware extortionists sought US$2.5 million.

There is no indication that any ransom was paid however, the Texas DIR said.

Many Texan local authorities outsource their IT requirements. Nancy Rainosek, the chief information security officer of the DIR advised those to only allow authentication to remote access software from inside the provider's network.

Furthermore, they should use two-factor authentication on remote administration tools and Virtual Private Network tunnels (VPNs) rather than remote desktop protocols (RDPs).

Blocking inbound network traffic from Tor Exit nodes, and outbound traffic to Pastebin is also recommended.

Users should also employ Endpoint Detection and Response (EDR) to detect Windows Powershell (PS) running unusual processes, Rainosek suggested.