In the second week of January, city officials in Del Rio, Texas, faced a situation similar to the one the city of Atlanta went through. The city’s municipal hall was struck by a ransomware attack on January 10. As soon as the city administration learned of the attack, it asked the Management Information Service (MIS) Department to handle ransomware removal and containment.
Cybersecurity experts from the department disconnected the affected workstations to prevent the infection from spreading to other city departments. They also shut down all of the city administration's servers to ensure the infection remained contained to the targeted devices only.
City Officials Had to Resort to Pen and Paper
This attack is very reminiscent of last year’s Atlanta municipal shutdown. According to local news reports, city officials had to handle day-to-day municipal tasks manually while teams carried out ransomware removal and recovery measures. Moreover, the delivery of many services was halted because the databases hosted on the shut-down servers were unavailable. It took the experts four days to restore the digital network of the city of Del Rio to its original state.
Unusual Ransom Note
According to information that has not been officially disclosed, the attack infected somewhere between 30 and 45 workstations at City Hall. It has also been reported that the attackers included a phone number in the ransom note for negotiating the extortion price.
The city administration, however, did the right thing and employed its own ransomware removal measures instead of playing into the hands of the attackers. It also immediately reported the incident to the FBI. The federal law enforcement body has been quite busy these days dealing with such ransomware attacks all across the country.
Why Do Ransomware Operators Target Entities Working in the Public Domain?
Apart from its use as a tool of hybrid warfare by nation states against each other, most ransomware attacks are carried out with the objective of making money through extortion, with the attackers charging for a ransomware removal solution.
Public sector entities are more vulnerable to downtime because the majority of them have to provide round-the-clock services. Ransomware operators exploit this vulnerability. They target these entities to inflict extended downtime by encrypting their crucial databases. Without data backups and professional ransomware removal measures, the targeted entities don’t have any option other than paying the attackers to get their locked-down data back.