On Friday, 23 local Texas government offices were hit with a coordinated ransomware attack, our sister site ZDNet reported. Evidence suggests that the attacks came from a single threat actor, according to the Texas Department of Information Resources (DIR).
“Responders are actively working with these entities to bring their systems back online,” the DIR wrote in a press release. The state government network has not been impacted. The FBI, the Department of Homeland Security, and several other agencies are helping respond to the attack.
SEE: Ransomware: What IT pros need to know (free PDF) (TechRepublic)
The ransomware that infected the government networks encrypts files and adds a .JSE extension at the end, ZDNet reported. While this strain of ransomware does not have its own name, and is generally called “the .JSE ransomware,” some vendors detect it as Nemucod.
This form of attack is different from others of the same nature in that it does not leave a ransom note behind, which confuses victims who are unsure of what happened, ZDNet noted. These attacks are becoming more common against US cities: A similarly coordinated ransomware attack hit several Louisiana school districts in July, prompting the governor to declare a state of emergency.
To keep your business safe from ransomware, IT and cybersecurity leaders should do the following, TechRepublic reported:
- Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
- Keep all software up to date, including operating systems and applications.
- Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
- Back up all information to a secure, offsite location.
- Segment your network: Don’t place all data on one file share accessed by everyone in the company.
- Train staff on cyber security practices, emphasizing not opening attachments or links from unknown sources.
- Develop a communication strategy to inform employees if a virus reaches the company network.
- Before an attack happens, work with your board to determine if your company will plan to pay a ransom or launch an investigation.
- Perform a threat analysis in communication with vendors to go over the cyber security throughout the lifecycle of a particular device or application.
- Instruct information security teams to perform penetration testing to find any vulnerabilities.
For more, check out Ransomware: A cheat sheet for professionals on TechRepublic.
How to become a cybersecurity pro: A cheat sheet (TechRepublic)
10 dangerous app vulnerabilities to watch out for (TechRepublic download)
Windows 10 security: A guide for business leaders (TechRepublic Premium)
Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)