Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Texas. Show all posts

Ransomware Strikes Tarrant Appraisal District

 



Tarrant Appraisal District (TAD) finds itself grappling with a major setback as its website falls prey to a criminal ransomware attack, resulting in a disruption of its essential services. The attack, which was discovered on Thursday, prompted swift action from TAD, as the agency collaborated closely with cybersecurity experts to assess the situation and fortify its network defences. Following a thorough investigation, TAD confirmed that it had indeed fallen victim to a ransomware attack, prompting immediate reporting to relevant authorities, including the Federal Bureau of Investigation and the Texas Department of Information Resources.

Despite concerted efforts to minimise the impact, TAD continues to work towards restoring full functionality to its services. Presently, while the TAD website remains accessible, the ability to search for records online has been temporarily suspended. Moreover, disruptions extend beyond the digital realm, with phone and email services also facing temporary outages. This development comes hot on the heels of a recent database failure experienced by TAD, which necessitated the expedited launch of a new website. Originally intending to run both old and new sites concurrently for a fortnight, the agency was compelled to hasten the transition following the database crash.

Chief Appraiser Joe Don Bobbitt has moved seamlessly to reassure the public, asserting that no sensitive information was compromised during the disruption. However, TAD remains vigilant and committed to addressing any lingering concerns. The agency is poised to provide further updates during an upcoming board meeting.

These recent challenges encountered by TAD underscore the critical importance of robust cybersecurity measures and organisational resilience in the face of unforeseen disruptions. Against the backdrop of escalating property values across North Texas, scrutiny of appraisal processes has intensified, with TAD having previously grappled with website functionality issues. Nevertheless, the agency remains steadfast in its commitment to enhancing user experience and fostering transparency.

In light of recent events, TAD remains resolute in prioritising the integrity of its operations and the safeguarding of sensitive data. The deliberate response to the ransomware attack prompts the agency's unwavering dedication to addressing emerging threats and maintaining public trust. As TAD diligently works towards restoring full operational capacity, stakeholders are urged to remain careful and report any suspicious activity promptly.

The resilience demonstrated by TAD in navigating these challenges serves as a testament to its dedication to serving the community and upholding the highest standards of accountability and transparency in property valuation processes.


Fake Crypto Website: Berkshire Hathaway Issues Warning




Warren Buffett's company Berkshire Hathaway Inc. issued a warning to investors on Friday stating that it is not associated with a fictitious cryptocurrency trading website that uses the Berkshire Hathaway brand.

According to the website's creator, a Texas-based broker was established in 2020 to offer investors the chance to earn a fully passive income through investments in cryptocurrency mining.

It concerns alleged client endorsements and claims that the broker is licensed in the US, UK, Cyprus, and South Africa while mispronouncing the names of two authorities. Its email format is different from Buffett's company's.

Buffett has always been wary of cryptocurrencies; despite a change in the public's opinion of bitcoin, Buffett still would not purchase it. He has a bias to view cryptocurrencies as passive investments that holders purchase with the expectation of long-term price growth.

At the Berkshire Hathaway annual shareholders meeting on Saturday, he said that the asset is not productive and produces nothing measurable.

"The entity that owns this web address has no affiliation with Berkshire Hathaway Inc. or its Chairman and CEO, Warren E. Buffett," according to a statement from Buffett's company, which claimed it learned about the website.

It has gained recognition as an investment asset in Western countries, especially during the past year as rates and inflation have increased. People continue to see great potential for its application as digital currency in other areas.

"Assets must provide someone with something in order to be valuable. Additionally, just one type of currency is recognized. You can think of all kinds of things; we can even put up Berkshire coins, but at the end of the day, this is money," remarked Warren Buffett, holding up a $20 bill.

Requests for comment from the website's owner were not immediately answered. Recent months have seen increased scrutiny of cryptocurrencies.

As a result of reports of $10 billion in client, assets were transferred from FTX to Bankman-trading Fried's firm Alameda Research, FTX declared bankruptcy and is now under investigation by American authorities.

Port of Houston Attacked Employing Zoho Zero-Day Vulnerability

 

CISA officers on 23rd of September reported about a potential government-backed hacker organization that has tried to break the Port of Houston networks, one of the major port agencies in the United States, employing zero-day vulnerabilities in a Zoho user authentication device. 

Authorities at the Port claimed they fought the attack effectively, adding that the attempted breach was not influenced by operational data or systems. 

The attack investigation was launched that led to the formation of a combined advisory on 16 September by the CISA, the FBI, and the Coast Guard alerting American organizations of cyberattacks by a nation-state hacking group utilizing the Zoho zero-day. 

The zero-day was employed mostly in late August cyberattacks according to Matt Dahl, Principal Intelligence Analyst at the CrowdStrike security firm. Nevertheless, on 8 September Zoho fixed the vulnerability (CVE-2021-40539), whereupon CISA additionally sent the first warning on the ongoing attacks. 

CISA officials have claimed that they have still not given a specific hacking organization or foreign government the credit for the attack on the Port of Houston. 

The Port Houston is the nation's largest port with a waterborne tonnage and a vital economic powerhouse for the Houston area, the State of Texas, and the United States, which has held and managed public wharves and terminals along with Houston Ship Chanel for over 100 years. More than 200 private terminals and eight public terminals along with the federal waterway aid nearly 1.35 million jobs in Texas and a national 3.2 million jobs, while $339 billion in economic activity in Texas—20.6% of Texas' total gross domestic product (GDP), with economic impacts totaling $801.9billion across the country. 

“[A]ttribution can always be complicated in terms of being able to dispositively say who that threat actor is,” CISA Director Jen Easterly told senators in a meeting of the Senate Homeland Security and Governmental Affairs Committee. 

“But we are working very closely with our interagency partners and the intelligence community to better understand this threat actor so that we can ensure that we are not only able to protect systems, but ultimately to be able to hold these actors accountable,” the CISA Director added, who categorized the attackers as a “nation-state actor” in an answer to a subsequent question. 

However, The officers of Port of Houston did not respond to the response request to gather further facts regarding the attack.

Texas Hit By a Human-Operated Ransomware That Targets against Government Agencies and Enterprises



May 2020 was not a good month for both the Texas Courts and the Texas Department of Transportation (TxDOT) as the month marked the discovery of a new ransomware called Ransom X, being effectively utilized in human-operated and focused on attacks against government agencies and enterprises.

Advanced Intel's Vitali Kremez discovered a 'ransom.exx' which was believed to be the name of the ransomware. As this is human-operated ransomware, as opposed to one distributed by means of phishing or malware, when executed the ransomware opens a console that shows info to the attacker while it is running.

As indicated by Kremez, Ransom.exx works to terminate 289 procedures identified with security software, database servers, MSP softwares, remote access devices, and mail servers.

Ransom X will likewise play out a series of orders all through the encryption process that:
Clear Windows event logs
Delete NTFS journals
Disable System Restore
Disable the Windows Recovery Environment
Delete Windows backup catalogs
Wipe free space from local drives.

The commands executed are listed below:
cipher /w %
s wbadmin.exe delete catalog –quiet 
bcdedit.exe /set {default} recoveryenabled no 
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures 
schtasks.exe /Change /TN "\Microsoft\Windows\SystemRestore\SR" /disable 
wevtutil.exe cl Application 
wevtutil.exe cl System 
wevtutil.exe cl Setup 
wevtutil.exe cl Security 
wevtutil.exe sl Security 
/e:false fsutil.exe usn deletejournal /D C: 

The ransomware then starts to encrypt the entirety of the information on the computer and affix a custom extension related to the victim to each encrypted record.

As observed below, the custom extension for the Texas Department of Transportation attack was .txd0t.


Furthermore, when completed, the Ransom X console will show the number of encoded files and how long it took to finish it. In every folder that was scanned during the encryption procedure, a ransom note named![extension]_READ_ME!.txt will be made.

This ransom note incorporates the company name, and email address to contact, and guidelines on the most proficient method to pay the ransom.

As observed below, the ransom note is modified for a certain victim that is enduring an attack, which for this situation is the Texas Department of Transportation.


However, in the case of Texas where the attack made its significant hit it is to be noted that at the hour of the attack, it was not comprehended what ransomware focused on the government agencies.

In any case, because of the limited visibility into this ransomware operation, there is no data with respect to the ransom sums or whether they steal information as a major aspect of the attack.

This ransomware has now been broken down, analyzed, and seems secure, which implies that it is highly unlikely to decrypt the files for nothing.

Attackers demand $2.5 million for Texas Ransomeware




The cybercriminals who attacked multiple Texas local governments with file-encrypting malware via compromising service provider's network.

The attackers demanded a ransom of $2.5 million for decrypting the entire local government files, the mayor of a municipality says.

The Department of Information Resources (DIR) has announced that a total of 22 victims has been established, while all of them were attacked by a single party.

However, the names of all the victim municipalities have not been disclosed, whereas two municipalities have announced the hit publicly.

In a statement released by the city of Borger, "Based on the current state of the forensic investigation, it appears that no customer credit card or other personal information on the City of Borger’s systems have been compromised in this attack. No further information about the origins of the attack will be released until the completion of the investigation,"

Keene is another city affected by this ransomware attack. Both of the administration right now can not process card payments or utility disconnections.

The city will inform its citizen as soon as they restart business and financial services, press release. 

State of Texas Hit By a Ransomware Attack; 23 Agencies Shut Down!





The state of Texas got hit recently by a cyber-attack as a result of which 23 government agencies were taken down offline.

Per the DIR (Department of Information Resources) of Texas most of the aggrieved parties were small local government agencies which are unnamed so far.

The Texas state networks however are still unharmed. The State Operations center of the state has been rigorously working towards the problem.

Sources mention that all the state and federal agencies handling the case hint at the fact that the attack was coordinated by a single actor.

The attack has been categorized as a sure shot ransomware attack. Per sources in it was a stain which was identified as “Nemucod”.

The aforemetioned ransomware generally “encrypts files and then at the end adds the .JSE extension”, a researcher mentioned.

Allegedly, the US have been the target for a lot of cyber-attacks of late. With an apparent total of 53% of the entire global number, the US have been victimized the most by cyber-attacks.

A state emergency was declared on Louisiana in July this year in response to a ransomware attack on school computer systems.

The situation is very critical from the point of cyber-security as municipalities falling prey to such attacks and ransomware in particular is not a good sign at all.

Mass scale attacks and their increase in number are disconcerting on so many levels. Because threat actors willing to put so many efforts, like the researchers like to say, are numerous.