Tarrant County, Texas, Security Team Foils Ransomware Attack

An emergency computer incident response crew swept in, isolated the employee’s data from the rest of the county’s system and restored files to where they were an hour before the software attack occurred, with no information lost or stolen.

by Anna M. Tinsley, Fort Worth Star-Telegram / August 9, 2016
Image caption: This message is displayed when users are infected with the Cryptolocker ransomware. If the user doesn't pay the ransom, his or her files are gone. Photo: Flickr/Christiaan Colen

(TNS) -- Tarrant County, Texas, was a target.

But that wasn’t obvious until an employee started having problems on a computer and a malicious software program penetrated the county’s extensive security system that includes at least two next-generation enterprise firewalls.

That employee’s files were locked, and a ransom was demanded before the worker could again access that data.

But the county didn’t pay.

An emergency computer incident response crew swept in, isolated the employee’s data from the rest of the county’s system and restored files to where they were an hour before the software attack occurred, with no information lost or stolen.

Now county security officers are ramping up a campaign they will take door to door within county government to boost knowledge and awareness of cybersecurity and the dangers that lurk on the internet.

“We need to send a message to those folks in Texas,” County Judge Glen Whitley told lawmakers gathered in Fort Worth recently. “If we catch you, it may be a long time before you touch electronic equipment again.”

‘Do not pay’

Whitley and others talked about cybersecurity during a recent Texas House County Affairs Committee meeting in Fort Worth. He said he hopes state lawmakers will consider passing legislation to assess tough sentences for cyber offenders.

Officials declined to detail the exact ransomware that penetrated the county’s system, but they said it was the first time in at least two years that anything like it had made it through firewalls.

But they know that Tarrant County, with nearly 2 million residents, is on the radar of cyber criminals.

“We are definitely a hard target,” Darren N. May, information security officer in the Tarrant County Information Technology Department, told the committee.

Right now the top concern: ransomware.

It is malware that installs itself on a person’s computer, or even on a tablet or smartphone, and starts to encrypt files, which prevents them from being opened by their rightful user.

On a computer, the software can run quietly in the background unnoticed until perhaps the wallpaper changes and a message pops up demanding a ransom and telling the user how to pay to be able to access files, photos and data again.

“They are encrypting and locking you out of your files, locking you out until you pay and ... then they’ll give you the key,” May said.

“Do not pay,” he stressed. “If you pay, those 100 ‘crime families’ and others out there start to spread your name as someone who does pay.”

‘Rough world out there’

In the Tarrant County case, the virus likely came in through an email that contained a link the user may have opened.

May would not detail protocols or firewalls used to protect county government information.

But he told the House committee that the system includes many components, including intrusion protection, intrusion prevention, spam filters and more. And the system is scanned every day.

The county’s security controls are challenged thousands of times per day. But most potential attacks — which come from both the United States and abroad — are fended off, May said.

“We are doing our due diligence to keep this out,” he said. “My industry says there are two types of industries: those that have been hacked and those that don’t know they’ve been hacked. It’s a rough world out there.”

County campaign

In September, May plans to start his Security and Privacy Essentials campaign to teach county employees — and top elected officials in the county — how to keep their computers safe.

While May is alert for all types of computer viruses, it is ransomware that concerns him the most.

That’s because across the world, estimates show there are 4,000 ransomware attacks released every hour and 100,000 such attacks every day.

People who pay the ransom can even get a discount, an “early bird special,” if they pay early, May said.

“What’s keeping me up at night is ransomware,” May said. “Other malware is to screw up your system, keep you from working.

“This is a quick way to make money without breaking a sweat,” he said. “This is serious.”

©2016 the Fort Worth Star-Telegram. Distributed by Tribune Content Agency, LLC.