Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label TAD. Show all posts

300 Strikes: Fort Worth's Battle Against the Medusa Gang

 


In the wake of a cyberattack on Tarrant County Appraisal District in March, the Medusa ransomware gang has claimed responsibility for the hack and has threatened the public with the threat of leaking 218 GB of the stolen data unless the ransom of $100,000 is paid within six days. 

According to the Tarrant County Appraisal District, approximately 300 individuals' personal information was stolen in a recent update. As of this original report (April 9th), the county organization was still about four days away from publishing the alleged data stolen in the attack after the gang forewarned it to do so on April 6th. 

TAD appeared on the Medusa leak blog on April 6th. It is recommended to report any suspicious activity as soon as possible to the authorities, but affected individuals will be contacted to ensure that their personal information remains safe. Even though the county has not yet responded to whether the ransom will be paid, it is understood that the attack has been reported to the FBI, and plans are underway to restore operations. 

Additionally, the Medusa gang recently attacked an Illinois county on the border with Iowa in addition to the Tarrant County incident. As of 2023, the group began to work its way onto the scene. It soon became involved with a large number of victims, including a company in Italy that supplies drinking water to close to half a million people, a large school district in Minnesota, Sartrouville, a French village, the state-owned telecommunications company of Tonga, and most recently, the government organization in charge of the Philippines' universal healthcare program. 

It is no secret that Medusa made headlines in the fall of last year when it attacked Toyota and a technology company created by two of the biggest banks in Canada. A ransomware gang known as Medusa first appeared on the scene in late 2022 and has been consistently active ever since. In January, they attempted to extort Water for People, a nonprofit that works to improve water access for all. 

As recently as December 2017, Medusa became the target of three separate school districts within less than a week and compromised the personal information of thousands of students and teachers across three districts. It was reported in December of that year that Medusa's leak blog revealed that the group published the files from the school districts from all three districts in December as well. 

Two other school districts in Pennsylvania appeared to have been hit at that time; while Minneapolis Public Schools had been hit earlier in the year. Moreover, in November, the threat actors attacked Toyota Financial Services and took down systems in the region, forcing Toyota to take some systems offline for days. In addition, the threat actors also attacked Moneris, a Canadian fintech company that processes payments for Starbucks and IKEA. 

Medusa is regarded as operating under a ransomware-as-a-service (RaaS) model, whereby the company sells its trademark ransomware variant to other ‘criminal affiliates’ for a cut of the profits generated from sales of their ransomware variant. TAD did not disclose how much data the ransomware group took or precisely what information had been compromised. 

However, Medusa has now threatened to leak the supposed stolen information unless a $100,000 ransom is paid to them. The gang has posted a sample cache of around 40 documents said to have been exfiltrated during the recent attack by the group. According to Cybernews, the purported samples are a collection of financial documents, commercial and residential property databases, property owners' information, records of properties, judgments obtained by the courts, details about board members, tax information, records of employees, and the like. 

The recent ransomware attack that hit the Tarrant County Appraisal District in Tarrant County, Texas, has highlighted the critical need for organizations to adopt a proactive approach to cyber defence and consider it a continuous process rather than reactive. There is a history of international cyberattacks conducted by the Medusa cybercrime gang that is well known, he said. 

There has been an increasing realization by the intelligence community that traditional, reactive measures are no longer effective when faced with adversaries like Medusa, which are using advanced tactics. According to him, empowering ourselves to navigate the evolving digital landscape requires more than just technological upgrades; it requires us to change the way we perceive and prepare for cyber threats, move from a reactive posture to a proactive, anticipatory position, and adopt proactive measures that get us ahead of the game. 

There are 73 jurisdictions in the county served by the Tax Assessment Division, which is the division of local property tax assessments. It has been estimated that there are approximately 2.1 million inhabitants in Tarrant County, with the government offices situated in the city of Fort Worth, one of the largest cities in the state. 

There is no state or local government in Texas that levy or collect taxes from its residents because it is one of the few states where taxes are not imposed. The government delegated that responsibility to city and county governments, so TAD has an extremely important role to play there. The Tax Assessor's Department, or TAD, is a government agency responsible for property appraisal and the determination of eligibility for property tax exemptions for homeowners, the elderly, disabled adults, disabled veterans, and nonprofit organizations and charitable organizations. 

The latter are not necessarily charitable. A ransomware gang could be easily convinced to take advantage of the amount of sensitive personal information stored and processed within TAD's network if it were to think it had a chance to profit from those stolen files. It is also worth noting that even though TAD claims that only a small amount of individual data was exposed in the attack, it is oftentimes not known in the immediate aftermath of such a breach what the true effects of the breach will be. Tarrant Appraisal District was recently found to have suffered a breach of its data, which is not the first time this has happened.

Ransomware Strikes Tarrant Appraisal District

 



Tarrant Appraisal District (TAD) finds itself grappling with a major setback as its website falls prey to a criminal ransomware attack, resulting in a disruption of its essential services. The attack, which was discovered on Thursday, prompted swift action from TAD, as the agency collaborated closely with cybersecurity experts to assess the situation and fortify its network defences. Following a thorough investigation, TAD confirmed that it had indeed fallen victim to a ransomware attack, prompting immediate reporting to relevant authorities, including the Federal Bureau of Investigation and the Texas Department of Information Resources.

Despite concerted efforts to minimise the impact, TAD continues to work towards restoring full functionality to its services. Presently, while the TAD website remains accessible, the ability to search for records online has been temporarily suspended. Moreover, disruptions extend beyond the digital realm, with phone and email services also facing temporary outages. This development comes hot on the heels of a recent database failure experienced by TAD, which necessitated the expedited launch of a new website. Originally intending to run both old and new sites concurrently for a fortnight, the agency was compelled to hasten the transition following the database crash.

Chief Appraiser Joe Don Bobbitt has moved seamlessly to reassure the public, asserting that no sensitive information was compromised during the disruption. However, TAD remains vigilant and committed to addressing any lingering concerns. The agency is poised to provide further updates during an upcoming board meeting.

These recent challenges encountered by TAD underscore the critical importance of robust cybersecurity measures and organisational resilience in the face of unforeseen disruptions. Against the backdrop of escalating property values across North Texas, scrutiny of appraisal processes has intensified, with TAD having previously grappled with website functionality issues. Nevertheless, the agency remains steadfast in its commitment to enhancing user experience and fostering transparency.

In light of recent events, TAD remains resolute in prioritising the integrity of its operations and the safeguarding of sensitive data. The deliberate response to the ransomware attack prompts the agency's unwavering dedication to addressing emerging threats and maintaining public trust. As TAD diligently works towards restoring full operational capacity, stakeholders are urged to remain careful and report any suspicious activity promptly.

The resilience demonstrated by TAD in navigating these challenges serves as a testament to its dedication to serving the community and upholding the highest standards of accountability and transparency in property valuation processes.