How One Texas Town Dealt with an Early Ransomware Attack

Cyber threat from North Korea. North Korean hacker at the computer, on a background of binary code, the colors of the flag of the DPRK. DDoS attack
Getty Images

In 2019 the city of Borger, Texas, dealt with one of the earliest ransomware attacks in a recent series of Russia-based hacks. Although some services were disrupted, the town had most of its files backed up and essential services remained up. The town did not pay the $2.5 million ransom demanded by the hackers.

AP News reports that in 2019, the city of Borger, Texas, was targeted in a ransomware attack conducted by affiliates of the Russia-based crime syndicate REvil in one of the earliest examples of a major ransomware attack on a U.S. city government.

In 2019, ransomware attacks had taken place but had yet to become one of the biggest national security concerns in the United States; now ransomware attacks have become a major concern in the U.S., gaining publicity following the hack of Colonial Pipeline.

Borger, Texas, saw its city’s digital infrastructure fall apart within a matter of days following the ransomware attack. Services began to break down immediately.

Workers were frozen out of files. Printers spewed out demands for money. Over the next several days, residents couldn’t pay water bills, the government couldn’t process payroll, police officers couldn’t retrieve certain records. Across Texas, similar scenes played out in nearly two dozen communities hit by a cyberattack officials ultimately tied to a Russia-based criminal syndicate.

 

An early warning to the ransomware attack came after the head of a IT services company that works with the city was alerted to an intruder.

One of his client’s servers was unresponsive, he was told. Upon inspection, Myers noticed that someone who wasn’t supposed to be in the computer system was trying to install something remotely. He rebooted the server. Things initially seemed fixed until the department called back: One of its laptops had a ransom note on it.

Unlike the victims of more successful ransomware attacks over the last year, Borger had a plan in place that didn’t leave them completely at the mercy of the hackers.

Because the city had paid for offsite remote backup, Borger had the capability to reformat servers, reinstall the operating system and bring data back over. A newly purchased server that had yet to be installed came in handy. The police department, however, retained its data locally and the attack hampered officers’ access to previous incident reports, Spradling said.

Critically, the town did not pay the ransom demanded by the Russian hackers.  Although they are still missing some data to this day, the city was back up and running relatively quickly. As Breitbart News has reported, big paydays for ransomware hackers have escalated the frequency of such attacks.

Cybersecurity expert Morgan Wright appeared on SiriusXM’s Breitbart News Today to discuss how paying ransoms leads to more cybercrime. Wright said: “I think one of the underreported things about this, and I think it’s a day of reckoning, is the use of cryptocurrency to enable these groups to continue their activities. In other words, if you remove the ability to monetize this, these gangs are out of business because they’re only in it for one reason — to make money. So I think there’ll be a day of reckoning with how countries look at the use of cryptocurrencies, especially Bitcoin.”

Read more about the efforts to restore the city’s infrastructure at AP  here.

Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address lucasnolan@protonmail.com

.

Please let us know if you're having issues with commenting.