The threat actor that hit multiple Texas local governments with file-encrypting malware last week may have done it by compromising a managed service provider. The attacker demanded a collective ransom of $2.5 million, the mayor of a municipality says.

New details from the Department of Information Resources (DIR) put the number of victims at 22, with evidence pointing to a single party responsible for the attacks.

Steady recovery

Things appear to be on the right track, as some entities have already resumed normal activity, DIR says in an update on the situation. More than 25% of the victims have moved from the response and assessment stage to remediation and recovery.

The names of all the municipalities impacted by the attack remain undisclosed, but two of them announced the hit publicly.

The City of Borger issued a statement saying that the incident impacted its financial operations and services. The city cannot accept utility or other payments and Vital Statistics services (birth and death certificates) are offline.

Keene is another city affected by this ransomware attack. This administration, too, cannot process card payments or utility disconnections.

Keene Mayor Gary Heinrich said that the threat actor demanded $2.5 million in exchange for the key that decrypts the locked files.

MSP is the common denominator

Heinrich told NPR that the threat actor deployed the ransomware through the software from the managed service provider (MSP) used by the administration for technical support.

MSPs are a convenient solution for entities that cannot manage the IT infrastructure themselves. This would not be unusual with smaller local governments that may lack qualified staff for this type of task.

An external company providing this service typically uses software that allows remote access to a client's network. This way, the MSP can monitor the activity and fix problems, as well as install system updates or applications.

According to Heinrich, the City of Keene uses the same external company that provides IT support services to many of the other impacted municipalities.

MSPs have become a frequent target for ransomware operators, as a successful compromise offers access to multiple clients.
