Ransomware attacks in 23 Texas cities have officials taking preventive measures

SHAVANO PARK, Texas – A ransomware attack at 23 small cities across the state has local agencies double- and triple-checking their computer and backup systems.

Shavano Park City Manager Bill Hill knows all too well how upsetting an attack can be. Issues with the city’s software hardware left it vulnerable to an attack. Although the city’s system was backed up off-site, the system was still connected, and the attack spread there, too.

“The biggest thing we learned was, ‘Don't assume that you're not going to get attacked.’ I mean, we're a little, bitty city, Shavano Park. We're a dot on the map. Why would anyone attack us?” he said.

In their case, the attackers didn’t know they had hacked a city’s system. With third-party help, the city was able to figure out how to get the issue resolved.

Gregory White, a professor of computer science at the University of Texas at San Antonio, said unlike past ransomware attacks, where hackers would target individuals, this time, the attackers hit cities knowing they have the means to pay and need to do so to get access to their systems.

“(The cities) don't have necessarily full-time security staff, and so their resources are spread thinner,” White said. “They may not have done everything they should be doing to keep their systems updated, to keep things patched and so on and so forth. That makes them an easier target.”

But big cities have also been known to have been hacked, too, White said.

There are three things that communities and individuals need to do to help protect themselves.

One is to constantly remind staff not to open email, links or attachments that seems suspicious. The second thing to do is back up data to a system that’s off-site and not attached to the same internet system. Data can also be saved on the cloud. The third thing to do is to speak up when there is an attack or someone tries to infiltrate the system.

“If I don't let you know what happened to me, then I'm not helping you prepare,” White said. “And if I can help you prepare by telling you what I have learned — the lessons I have learned from this — maybe you can avoid being hit.”

Hill said he quickly alerted other agencies about the city’s attack and sponsored a monthly meeting to discuss the incident. The city is constantly monitoring the market for the latest updates to help protect the computer data system, he said. It’s a constant battle to keep up to date, however.

Hill is urging cities to check to see if their insurance with the Texas Municipal League convers ransomware attacks.

KSAT contacted to the U.S. Secret Service's San Antonio office for comment. The office declined to say if any local municipalities were involved in the ransomware because it’s an ongoing investigation, but it offered the following tips:

• Update software and operating systems with the latest patches. This is one of the most common vulnerabilities that is easily fixable.

• Restrict users’ permissions to install and run software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.

• Use application whitelisting to allow only approved programs to run on a network.

• Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.

• Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.

• Configure firewalls to block access to known malicious IP addresses.

UTSA’s downtown campus is hosting day two of the International Informational Sharing Conference on Thursday. Speakers from different agencies around the nation are speaking about cybersecurity by sharing information about risks, incidents and best practices.

About the Authors: