Texas ransomware attacker claims $ 2.5 million

The attacker who infected 23 Texan cities with ransomware is demanding $ 2.5 million to decrypt all encrypted files. According to the mayor of one of the affected cities, the attacker managed to enter via the it provider.

Last week, the Texas Department of Information Resources (DIR) reported that 23 smaller cities had become targets of a “ coordinated ransomware attack “ conducted by one attacker. One of the affected cities is Borger , where all systems went offline. Because of the ransomware, the city was unable to issue birth and death certificates and process payments for utilities and other matters. Thanks to the backup servers and data, various systems are now online again. However, the city cannot yet accept credit card payments.

Keene City Mayor Gary Heinrich informs NPR that the attacker entered through the software provider. “The guys who take care of our IT systems,” said Heinrich. “Many people in Texas have providers do this because we don’t have enough people to do it ourselves.” Further details about the incident and the respective provider are not given.

It has happened several times in recent months that managed service provider (MSP) customers have become infected with ransomware. In one of the latest incidents, the attackers managed to connect to the MSP via RDP, and then installed the ransomware on customer systems via a management console.