The hackers behind the cyberattack that has locked 22 local governments in Texas out of their own computer systems are requesting a collective $2.5 million in ransom, according to the mayor of one of the affected cities.
In an interview with NPR, Gary Heinrich, mayor of Keene, a city of about 6,000 just outside Fort Worth, said it will not be giving in to the demands and paying ransom.
“Stupid people,” Heinrich said in reference to the hackers. “You know, just no sense in this at all.”
Heinrich did not respond to a request for comment from Hearst Newspapers.
Keene was one of nearly two dozen public agencies in Texas hit by the ransomware attack Friday. Such attacks involve someone blocking access to a computer system until a ransom is paid. They can be delivered in a variety of ways, such as through an infected email link or by hacking existing software.
The Texas Department of Information Resources is investigating with the help of the Federal Bureau of Investigations and Department of Homeland Security. The state information resources department has said it believes the attack was a coordinated effort that came from a single person or group.
The state has declined to release the names of the affected cities, and would not provide details about the method of attack, the demands or whether any ransoms had been paid, citing security reasons.
According to a survey of clients by Connecticut-based cybersecurity firm Coveware, the average ransom payment was $36,295 and the average downtime an attack causes was nearly 10 days in the second quarter of 2019.
Public sector organizations accounted for about 3 percent of incidents but paid on average paid $338,700 in ransom, nearly 10 times as much, the survey showed.
A May 2019 report by cybersecurity firm Recorded Futures found that about 17 percent of state and local government entities hit by attacks paid ransoms while 70 percent did not; that information was unknown in the rest of cases.
So far, only two Texas cities — Keene as well as the Panhandle city of Borger — have publicly admitted they were among the 22 agencies that were attacked.
Heinrich told NPR the attacks, which have affected all aspects of City Hall business and left it unable to process utility payments, infiltrated the city through a third-party software provider that runs its IT systems.
“A lot of folks in Texas use providers to do that because we don’t have a staff big enough to have IT in house,” he said.
Borger spokeswoman Marisa Montoya declined to comment on whether the city would pay ransom. Montoya told Hearst Newspapers on Tuesday that the city owns cybersecurity insurance, which covers losses from attacks, often including ransom payments.
She said the city has been able to restore certain systems using backups and has salvaged certain parts of the network that were isolated from the attack, such as 911 and radio systems.
But other regular city business is at a standstill. It can’t accept most credit card payments, and has had to waive late fees for utility and other payments while promising residents no services will be turned off.