Loading...
You are here:  Home  >  Texas Ransomware

Texas Ransomware

Ransomware Took It

As you may or may not be aware of, this week it has been reported that twenty-two Texas towns were hit with a Ransomware attack.  For those who are not aware of this, click here to go to the NPR site where the story is discussed. There is an issue that we at Cybercrypto have with how the news is reporting these attacks. We find it to be deceptive and we wish to at a minimum reiterate something we need people to know.

The mayor of Keene Texas is being quoted quite a bit in this story. He states, "They got into our software provider, the guys who run our IT systems," Heinrich said. "A lot of folks in Texas use providers to do that, because we don't have a staff big enough to have IT in house." The statement is mind numbing.

How is that possibly an excuse? The infection vector for ransomware is basic. The user must click on something, an executable or JavaScript file needs to be activated. Whether it be through phishing or a drive by website, you must activate it. Worse even if you do, there should be some level of remediation built into your system to recover. OneDrive has ransomware protection built in. Windows 10 has it as a well. All you have to do is setup the folders you want protected.

So if their outsourced provider did not setup some level of restore/file remediation, did not securely monitor for external threats, did not monitor directories for odd behavior – who is to blame?

EVERYONE

Government – for taking shortcuts and evading their responsibility to safeguard data, for not understanding technology or allowing themselves to be versed in the what is going on in the cyber landscape.

Private Providers – for being lazy and not using the tools available because they don’t want to deal with their users

The User – for clicking on something that they have no business clicking on

The excuse is stupidity and ignorance. The tools are there, the security apparatus is there, it is merely the will to use it and the ability to set it up. At the end of the day what does it matter if it was a coordinated attack, the user clicked on something they had no business clicking on and the provider or the IT department let it through. There is so much bad information being disseminated that I felt the nees to put this out there because at its core the problem is basic.

However, until you – the user and the business owner thinks outside of the box, nothing is going to change. You can have as many certifications as you want or security clearances. The hacker has none of these but because he thinks strategically he will beat you every time because cooperate America has put itself in a box.

Contact us if you want to break out.