Incident: Texas Government Organisations Hit by Ransomware Attack

Published Date: 2019-08-19

Postmortem Analysis
Timeline
1. The ransomware attack on Texas government organisations happened over the weekend before the article was published on August 19, 2019 [88565].

System
The software failure incident reported in the article is a ransomware attack that affected 23 organisations connected to local government in the US state of Texas [88565]. The systems that failed in this incident are:
1. Local government computer systems in Texas
2. Government computers in New York, Maryland, and Florida
3. Government computers in Baltimore
4. Government computers in Riviera Beach, Florida
5. Government computers in Lake City, Florida

Responsible Organization
1. The ransomware attack on Texas government organisations was caused by cyber-criminals who used malicious software to disable computers and demand ransom payments [88565].

Impacted Organization
1. 23 organisations connected to local government in the US state of Texas [88565]

Software Causes
1. Ransomware attack that disabled computers and data until a ransom was paid [88565]

Non-software Causes
1. Lack of adequate cybersecurity measures in place to prevent ransomware attacks [88565]
2. Vulnerability of government departments due to their complex structure, making them easy targets for hackers [88565]

Impacts
1. The ransomware attack on 23 organisations connected to local government in Texas resulted in the disabling of computers and data until a ransom was paid [88565].
2. The attack primarily affected smaller local government departments, causing disruption in their operations [88565].
3. The ransomware incident led to the drafting in of cyber-security experts, military, and counter-terrorism units to help bring systems back online [88565].
4. The attack on government computers in Baltimore resulted in the disabling of email accounts and prevented online payments to city departments for weeks, leading to estimated losses of around $18 million [88565].
5. Some cities affected by ransomware attacks, like Riviera Beach and Lake City in Florida, opted to pay significant amounts in Bitcoin to hackers to regain control of their computer systems [88565].

Preventions
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and employee training to prevent ransomware attacks [88565].
2. Ensuring all software and systems are up to date with the latest security patches to mitigate vulnerabilities that could be exploited by hackers [88565].
3. Utilizing strong encryption methods to protect sensitive data from being accessed or compromised in the event of a ransomware attack [88565].
4. Implementing a comprehensive backup and disaster recovery plan to quickly restore systems and data in case of a ransomware incident, reducing the need to pay ransom demands [88565].

Fixes
1. Enhancing cybersecurity measures and protocols within the affected Texas government organisations to prevent future ransomware attacks [88565].
2. Implementing regular cybersecurity training and awareness programs for employees to recognize and mitigate potential cyber threats [88565].
3. Conducting thorough security audits and vulnerability assessments to identify and address any weaknesses in the IT infrastructure [88565].
4. Developing and implementing robust backup and disaster recovery plans to ensure quick restoration of systems in case of future incidents [88565].
5. Collaborating with cybersecurity experts, military, and counter-terrorism units to strengthen the overall cybersecurity posture and response capabilities of the government organisations [88565].

References
1. Texas Department of Information Resources
2. Cyber-security experts
3. Military and counter-terrorism units
4. Texas government officials
5. Lisa Forte, partner at Red Goat Cyber Security
6. Liron Barak, chief executive of BitDam cyber-security firm
7. Baltimore city officials
8. Council leaders in Riviera Beach, Florida
9. Officials in Lake City, Florida
10. Various affected US states
11. Various affected local government departments in Texas
12. Hackers involved in the ransomware attacks
13. Dark web sources
14. News sources reporting on the incidents [88565]

Software Taxonomy of Faults

Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- In May, hackers seized control of thousands of government computers in Baltimore, disabling email accounts and preventing online payments to city departments for weeks [88565].
- The city estimated losses of around $18m from the attack, where the hackers demanded $100,000 worth of Bitcoin [88565].
(b) The software failure incident having happened again at multiple_organization:
- Hackers have targeted a number of US states this year, paralyzing government computers in New York, Maryland, and Florida [88565].
- In June, council leaders in Riviera Beach, Florida, voted to pay almost $600,000 in Bitcoin to hackers who paralyzed the city's computer systems for weeks [88565].
- A week later, officials in Lake City, Florida paid hackers $500,000 following a similar ransomware demand [88565].

Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase can be seen in the ransomware attack on Texas government organisations [88565]. The attack was a result of malicious software that disabled computers and data until a ransom was paid. This incident was a clear example of a failure due to contributing factors introduced by system development or updates, as the ransomware was able to infiltrate the systems and cause disruption.
(b) The software failure incident related to the operation phase is evident in the aftermath of the ransomware attacks on various US states, including Baltimore, New York, Maryland, and Florida [88565]. These attacks paralyzed government computers, disabled email accounts, and prevented online payments to city departments. The operational failure was due to the misuse of the systems by hackers who exploited vulnerabilities to disrupt normal operations and demand ransom payments.

Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident reported in the articles is primarily due to ransomware attacks that disabled computers and data within the systems of various government organisations in Texas [88565]. The ransomware was a type of malicious software used by cyber-criminals to disable the computers until a ransom was paid. The attack affected 23 organisations connected to local government in Texas, indicating that the failure originated from within the system itself. The Texas Department of Information Resources mentioned that evidence suggested the attacks came from one single threat actor, further emphasizing the internal nature of the incident.

Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident in the articles is related to non-human actions, specifically a ransomware attack. The attack on 23 organisations connected to local government in Texas was caused by malicious software deployed by cyber-criminals, disabling computers and data until a ransom is paid [88565].
(b) The software failure incident can also be attributed to human actions. The hackers behind the ransomware attack are responsible for introducing the contributing factors that led to the failure. Additionally, decisions made by city officials in response to the attack, such as the choice to pay the ransom in some cases, can be considered human actions that influenced the outcome of the incident [88565].

Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident occurring due to hardware:
- The article reports on a ransomware attack that affected 23 organisations connected to local government in Texas [88565].
- Ransomware is a type of malicious software that disables a computer and its data until a payment is made.
- The attack disabled government computers in various states, including New York, Maryland, and Florida.
- The Texas Department of Information Resources indicated that the attack primarily affected smaller local government departments, suggesting that the hardware failure could be due to vulnerabilities in the hardware systems used by these organisations.
(b) The software failure incident occurring due to software:
- The primary cause of the software failure incident reported in the article is ransomware, which is a type of malicious software used by cyber-criminals to disable computers and data until a ransom is paid.
- The ransomware attack on the Texan government organisations was co-ordinated and came from one single threat actor.
- The attack disabled email accounts, prevented online payments, and affected government computers in various states.
- The incident highlights a software failure caused by the malicious software (ransomware) infiltrating the systems and disrupting their operations.

Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident reported in Article 88565 is malicious in nature. It involves a ransomware attack where hackers intentionally infected 23 organisations connected to local government in Texas with ransomware. The attack was coordinated and aimed at disabling computers and data until a ransom was paid. The attackers demanded ransom payments in Bitcoin, and the incident led to significant disruptions and financial losses for the affected entities [88565].

Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident related to poor decisions can be inferred from the ransomware attack on Texas government organisations [88565]. The attack was a result of hackers infecting 23 organisations connected to local government in Texas with ransomware. The attack was described as co-ordinated, indicating a deliberate and planned effort by threat actors. Additionally, the attack primarily affected smaller local government departments, suggesting a strategic targeting of vulnerable entities. The decision to target government organisations with ransomware reflects a poor decision made by the hackers to exploit vulnerabilities for financial gain.

Capability (Incompetence/Accidental)
Option: development_incompetence, unknown
Rationale:
(a) The software failure incident related to development incompetence is evident in the ransomware attack on 23 organisations connected to local government in Texas. The attack was co-ordinated and affected smaller local government departments, indicating a level of sophistication and planning by the threat actor [88565].
(b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article.

Duration
Option: temporary
Rationale:
(a) The software failure incident reported in the articles is temporary. The ransomware attack on the Texas government organisations resulted in the disabling of computers and data until a ransom was paid. This type of malicious software temporarily disables the systems until the payment is made, indicating that the failure was not permanent [88565].

Behaviour
Option: crash, omission, other
Rationale:
(a) crash: The software failure incident described in the article is related to a ransomware attack on 23 organisations connected to local government in Texas. The ransomware attack disabled the computers and data of these organisations until a payment was made, indicating a crash where the system lost its state and was unable to perform its intended functions [88565].
(b) omission: The ransomware attack resulted in the omission of the intended functions of the affected systems, as they were disabled and unable to operate normally until the ransom was paid [88565].
(c) timing: The timing of the software failure incident is not explicitly mentioned in the article. However, it can be inferred that the attack occurred over the weekend and was still ongoing on Monday morning, indicating that the system was not performing its intended functions at the right time [88565].
(d) value: The software failure incident does not involve the system performing its intended functions incorrectly. Instead, the failure was due to the system being disabled by the ransomware attack, leading to a loss of access to data and functionality [88565].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, where the system behaves erroneously with inconsistent responses and interactions. The ransomware attack described in the article primarily resulted in disabling the systems until a ransom was paid, rather than exhibiting inconsistent behavior [88565].
(f) other: The other behavior exhibited in this software failure incident is the intentional disabling of the systems by cyber-criminals through the deployment of ransomware. This deliberate act of compromising the systems' functionality for financial gain is a significant aspect of the incident [88565].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Consequence
Option: property, delay, non-human, theoretical_consequence
Rationale:
(a) unknown
(b) unknown
(c) unknown
(d) Property: The software failure incident impacted people's material goods, money, or data. For example, in the case of the ransomware attack on Texan government organisations, the attack disabled computers and data until a ransom was paid, affecting the operations and potentially causing financial losses [88565].
(e) Delay: People had to postpone activities due to the software failure. For instance, in the Baltimore ransomware attack, the city had to manually process transactions and slowly restore access to email accounts, causing delays in operations [88565].
(f) Non-human: Non-human entities were impacted due to the software failure. In the case of the ransomware attacks on government computers in various cities, the systems were paralyzed, affecting the functioning of the organizations [88565].
(g) unknown
(h) Theoretical_consequence: There were potential consequences discussed of the software failure that did not occur. For example, in the case of ransomware attacks, there were discussions about the potential vulnerability of cities paying ransoms and being targeted again in the future [88565].
(i) unknown

Domain
Option: government
Rationale:
[88565] The software failure incident reported in the articles is related to the government industry. The ransomware attack targeted 23 organisations connected to local government in the US state of Texas. The attack affected smaller local government departments, leading to the disabling of computers and data until a ransom was paid. The Texas Department of Information Resources and other authorities were involved in responding to the incident, indicating that the failed system was intended to support government operations.
