Ransomware

The Dallas City Council approved nearly $8.6 million in payments for services related to the ransomware attack earlier this year, including credit monitoring for potential identity theft victims.

Officials are now saying that as many as 26,212 Texans were impacted by the ransomware attack that hit city systems between April 7 and May 4. The hackers accessed names and Social Security numbers among other information.

The cyber attack against Waterbury Health and ECHN health systems was reported on Thursday, but the extent of the incident and details about how it was detected remained unclear as of Friday.

The city issued a formal notice for the first time about potential data being exposed since detecting the ransomware attack by hacking group Royal. Officials say the data of “certain individuals” was accessed by the group.

For the second time in the state, a large number of people had their data exposed when hackers exploited vulnerabilities in the file transfer tool MOVEit. The breach targeted a contractor to the Oregon Health Plan.

Officials announced that the county had been targeted by CL0p, a hacking group tied to Russia, in a cybersecurity breach of the common file transfer tool MOVEit. A range of sensitive personal data was affected in the breach.

A public school district in southern Louisiana is working with state police to identify the origin of a security failure July 25. The district has yet to learn how much and what kind of data may have been obtained.

The special group tapped by Gov. John Bel Edwards' administration in 2019 to respond to cyber attacks has been in a state of near constant activation. The costs to the state and local government agencies have spiraled in that time, state data shows.

When a school or district suffers a cyber attack, informing the public avoids fueling speculation, engenders trust and helps the public understand why it makes sense for government agencies to invest in cybersecurity.

In an email sent Tuesday to city employees, City Manager T.C. Broadnax said information stored by the city’s human resources department was exposed in the May cyber attack against city systems.

The ransomware attack, concealed in an email, downed all three of the George County’s servers when it struck on July 15. The incident prompted an emergency declaration that allowed the IT team to circumvent contracting processes.

The new National Cybersecurity Strategy Implementation Plan sets specific time frames for providing boosted state and local cyber support, deciding on a federal cyber insurance backstop and more.

The attack highlights risks around holiday weekend attacks, targeted software supply chains and the growing popularity of data-theft-based extortion. Still, zero-day exploits comprise only a small slice of extortion attacks.

What could have been a digital quagmire for California’s largest school district served as a chance to hone cyber response and gird its more than 250 applications used by some 1.6 million users.

Two months after Dallas’ ransomware attack, lingering impacts remain. City officials say that 97 percent of the network has been restored, but the city still won’t publicly disclose all the services still impacted.

The state auditor’s office’s new program offers local governments quick assessments of their cyber postures, plus advice for improving. This can help governments get ready while on the waitlist for the state’s more in-depth cyber audits.

A new global report finds that cyber extortionists are increasingly using double extortion or skipping encryption entirely, going directly to just threatening to publish stolen data.

An insurance rating agency found the cost of cybersecurity coverage doubled in a five-year period before going up another 75 percent in 2021 alone, but the decline of cryptocurrencies may be slowing that trend.