http://www.breitbart.com/politics/2021/07/26/how-one-texas-town-dealt-with-an-early-ransomware-attack/
By Lucas Nolan
Breitbart
July 26, 2021
In 2019 the city of Borger, Texas, dealt with one of the earliest ransomware attacks in a recent series of Russia-based hacks. Although some services were disrupted, the town had most of its files backed up and essential services remained up. The town did not pay the $2.5 million ransom demanded by the hackers.
TechXplore reports that in 2019, the city of Borger, Texas, was targeted in a ransomware attack conducted by affiliates of the Russia-based crime syndicate REvil in one of the earliest examples of a major ransomware attack on a U.S. city government.
In 2019, ransomware attacks had taken place but had yet to become one of the biggest national security concerns in the United States; now ransomware attacks have become a major concern in the U.S., gaining publicity following the hack of Colonial Pipeline.
Borger, Texas, saw its city’s digital infrastructure fall apart within a matter of days following the ransomware attack; workers were frozen out of files completely, printers printed demands for money, residents were unable to pay water bills, the government couldn’t process its payroll, and police officers couldn’t gain access to certain records.
“It was just a scary feeling,” said Jason Whisler, Borger’s emergency management coordinator. The afternoon that the attack took place, the city manager of Vernon emailed colleagues about a “ransom type” virus affecting the police department, stating that the city was instructed it could get back online by paying the $2.5 million that hackers were demanding. “Holy moly!!!!!” replied city commissioner Pam Gosline, now the mayor.
The hackers gained access to the city’s systems by targeting a Texas firm called TSM Consulitng Serivces Inc. that provides technology services to local governments. At 2:00 a.m., the firms’ president Richard Myers received a phone call where he was informed that one of his client’s servers was unresponsive.
After inspecting the server, Myers noticed that someone who wasn’t supposed to have access to the system was attempting to install something remotely. He rebooted the server and the issue seemed to be fixed, but the next day the department called back to inform Myers that one of its laptops had a ransom note on it.
“I don’t think you can begin to express the terror that goes through your mind when something like that starts to unfold,” he said.
Because the city had paid for offsite remote backup, Borger was able to reformat servers, reinstall the operating system, and restore much of the now encrypted ransomware data. A newly purchased server was used to host much of the restored data. A combination of appropriate backups and the ability to manually control critical infrastructure like the town’s water treatment plant made the attack much less successful than more recent ransomware attacks.
Read more about efforts to restore the city’s infrastructure at TechXplore here.
The essential American soul is hard, isolate, stoic, and a killer. It has never yet melted. ~ D.H. Lawrence
| 
