The Texas local governments attack seems to me to be more akin to the trend we have been seeing in 2019 with attackers targeting one MSP and then using that access and the MSP’s tools to attack / encrypt the MSP’s individual clients. If I’m not mistaken (and, I could be), the Texas DIR often acts as sort of a provider / MSP or/ MSSP to some local governments by providing outsourced services to those local governments.
Does anyone know if that was the case for these 22 entities or if that has some connection? I do know DIR is leading the response.
UPDATE: I just heard from a friend who has worked arm in arm with these folks and the answer is:
Hey Shawn. Answer to your DIR question is no. DIR does not provide services to local gov in this form but does coordinate response.
As we learn more, yep, it was an MSP — join the discussion here:
TO: The “IT Guy”
FROM: Shawn Tuma
SUBJECT: Your clients affected by ransomware
STOP OVERWRITING / WIPING / DELETING OR OTHERWISE DESTROYING YOUR CLIENTS’ DATA WHEN THEY ARE AFFECTED BY RANSOMWARE!!!
PLEASE!!! PRETTY PLEASE!!! PRETTY PLEASE WITH SUGAR ON TOP!!! JUST STOP IT!!!
Seriously, everyone understands that ransomware is scary stuff and when you discover that one of your clients has been hit by it, it can cause quite a bit of panic. That is understandable. But, when you feel that sense of panic, that is not the time to act — that is the time to pause, take a deep breath, gather your senses, and let your emotions settle down and your brain take back over. Then, recall the Hippocratic Oath that doctors must take:
“first, do no harm”
Just because you cannot figure out what to do with the encrypted data does not mean that there are not other people out there who can. Consider these points:
- There are really good folks out there who are experts at getting data like this decrypted.
- There are outstanding cyber insurance policies that will pay the cost of the ransom to recover the data.
- Over the course of time, ransomware decryption keys start to make their way into the wild and data that was at one time unrecoverable magically becomes recoverable.
- And, in many cases, that original encrypted data is necessary to perform forensics that may prove to be very beneficial to your client.
But guess what? NONE OF THIS IS POSSIBLE AFTER YOU COME ALONG AND FINISH THE HACKER’S JOB BY DESTROYING ANY HOPE YOUR CLIENT EVER HAD OF RECOVERING ITS DATA BY PERMANENTLY DELETING IT!!!
PLEASE, JUST STOP IT!!!
The Texas Bar Journal’s year-end update on Cybersecurity & Data Privacy law was once again provided by Shawn Tuma and addressed the following issues:
- Lawyers’ Cybersecurity and Data Breach Obligations that are required under Texas law and the ABA’s Ethics Opinion 483 titled Lawyers’ Obligations After
an Electronic Data Breach or Cyberattack
- Whether an IT service provider’s locking a customer out of its computer violates the Texas “hacking” law
- Whether a woman viewing pictures on her boyfriend’s iPhone violates the Texas “hacking” law
The most important lesson about Apple’s iOS group FaceTime debacle that you are not hearing about should be a wake up call for everyone (Tuma explains this glitch on WFLA in Tampa, FL):
- If Apple, through a programming glitch, has the ability to allow someone to use your iOS device as a microphone to listen to your conversations without you even touching the device or knowing it was in use, then Apple can do the same thing through purposeful programming.
- If Apple can use programming to access your microphone, then it can also access your camera the same way.
- If Apple can do this, so too could nation states with sufficient access to the programming (If you doubt this, read this story of UAE hackers).
- If Apple and nation states can do this, so too can criminal hackers, with sufficient access. (Tuma explains more about this on WIOD in Miami, FL)
For decades our whole society has enjoyed the benefits of technology without accepting the responsibility of guarding against the privacy and security risks that go along with it. We have taken those things for granted and now it is time to pay the piper and become more responsible by being more cyber aware and using good cyber hygiene.
This is not just for the companies that provide this technology and collect and use our data. This is for all of us — we the people must learn to protect ourselves against these risks. (Tuma explains more about this on WJIM in Lansing, MI)
Here are a few points to consider to think about how we can do this:
- There is no such thing as 100% security when it comes to technology or data. There is always some measure of risk involved in the cyber realm.
- As you go through your day, imagine someone is listening and watching you through your telephone and think about what aspects of your private and business life you are unecessarily exposing through the technology and data we use.
- This isn’t intended to be alarmist and suggest that you purge all technology from your life, however, there are ways to minimize unnecessary risk:
- Do you really need your telephone in the private places you go, like your bedroom or restroom?
- Do you really need to share your company’s deepest, darkest secrets in an email when it could have been done in person?
- Do you need to have your telephone sitting on the table when you are discussing extremely sensitive private personal or business information, or, would that conversation go just as well (or even better) without the telephones?
The most likely “cyber attack” that your company will face will come in the form of an email. One of the most common forms of email attack is the business email compromise (BEC) and the most popular time of the year for the W-2 version of BEC is right now — tax season.
Read the full blog post to make sure you and your company are equipped with answers to:
• What is a W-2 BEC Attack?
• How Do Attackers Use the W-2 Information?
• Why Do So Many of These Attacks Happen During Tax Season?
• What Can You Do Now to Protect Your Company?
• What To Do if Your Company is Hit by this Attack?