The deadline is October 28, 5 pm, local time, according to a message from the hackers.

“Your servers and data have been hacked,” the note reads. “We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.”

The message was discovered on city employee computers, in the form of a logon screen.

The authorities immediately shut down all of the IT infrastructure, including websites, payment portals and various other e-services. A breach was later confirmed via the city’s Twitter account.

While employees intiitally thought that they were victims of a ransomware attack, it was later discovered that the computers were not actually encrypted.

Furthermore, the hackers went to Twitter to post screenshots showing that they had access to the city’s Active Directory server, even claiming that they were the ones who took down the website after deactivating the DNS server.

City officials were not available for comment. It is unclear if they intend to pay the ransom demand, estimated at around $30,000. In some interviews, city officials also suggested they would be investigating the incident as the work of a disgruntled current or former city employee.

It’s more important than ever for businesses around the world to enact stricter Cyber Security policies and work with an IT provider that can help them secure valuable data.

The post Johannesburg held for ransom by hacker gang appeared first on ATYXIT - Illinois IT Services and IT Support.

State and federal agencies are in the midst of a response, and TDIR did not have information on whether any of the affected governmental organizations had chosen to pay the ransom.

But the TDIR did reveal that the ransomware came from a single source. “At this time, the evidence gathered indicates the attacks came from one single threat actor,” a spokesperson said. “Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.”

Response teams from TDIR, the Texas Division of Emergency Management, Texas Military Department, Department of Public Safety, and the Texas A&M University System’s Security Operations Center/Critical Incident Response Team (SOC/CIRT) are currently involved in the effort to bring systems back online, as are federal officials from the Department of Homeland Security, the FBI, FEMA, and other agencies.

This has been a particularly brutal year for ransomware thus far. While opportunistic attacks against consumers appear to be down from last year based on data from Malwarebytes, attacks against businesses and governments are up by 365%. IBM X-Force incident reporters have noted a more modest 116% increase in customer ransomware incidents. In July, the US Conference of Mayors reported that there have been 22 ransomware attacks on city, county, and state governments in the first six months of 2019. Those attacks include some notable incidents, such as the April attack on Albany, New York; RobbinHood ransomware attacks on Greenville, North Carolina and the City of Baltimore; and the Ryuk ransomware attacks on three Florida municipal governments. In July, Ryuk hit Georgia’s court system and then Georgia’s state and capitol police.

The financial damage has been significant. Baltimore is still in the process of recovering, just sending out its first water bills since May and facing $18 million in direct costs and lost revenue. Elsewhere, two Florida cities paid out a total amounting to about $1 million worth of cryptocurrency to regain their data.

Go big or go home

The Texas attacks are the largest coordinated ransomware attacks seen against multiple local governments, but they’re not necessarily the first coordinated attacks. Three school districts in northern Louisiana were hit by ransomware in a single incident in July. It’s not clear if the districts shared any network infrastructure. And a December 2018 attack struck multiple newspapers owned by Tribune Publishing after Ryuk ransomware spread across Tribune’s internal wide-area network.

Texas has also seen a number of isolated ransomware incidents in the past, especially in the form of attacks against its Independent School Districts (ISDs). In February, the Crosby ISD near Houston was the victim of a ransomware attack that took the district’s entire IT infrastructure down. And back in April 2016, 20 schools in the North East ISD were affected by a ransomware attack that encrypted 2.5 terabytes of data—which was eventually recovered from system backups.

There’s no better time than now to work with a provider that takes Cyber Security seriously.

The post 23 Texas Government Agencies Taken Down By Ransomware appeared first on ATYXIT - Illinois IT Services and IT Support.