Local gov’ts in Texas, Florida hit with ransomware as cyber leaders question best path forward

Several local governments were hit with ransomware this week as senior U.S. government cyber leaders debated how to deal with the problem, which continues to cause chaos in communities and expose troves of sensitive citizen information. 

The city of Killeen, Texas said this week it is recovering from a cyberattack that began on Wednesday morning. 

In statements on its website and on social media, city officials said the attack impacted internal system servers and they warned that citizens “may experience a delay in essential services at the Utility Collections division.”

Payments for utilities can only be made online or in person with cash or check and new residents will have to call in to register for utility services. They have already been able to restore services at the municipal court and transfer station, both of which were initially affected. 

The city — which is home to nearly 160,000 people — said that the attack was conducted by the BlackSuit ransomware gang. The group was spotlighted by the FBI and other agencies this week because it is a rebrand of another gang of hackers that previously shut down the city of Dallas last year. The group has demanded more than $500 million in ransoms since 2022.

Killeen officials said they are working with the Texas Department of Information Resources to resolve the effects of the attack, which resulted from the disabling of the utility customer service payment system.

“The department has been working diligently on restoring servers through a backup system, as their intended purpose is designed to do,” city officials said, urging residents to monitor financial accounts in case of suspicious activity. 

The city also cut off all connections it had with the larger network of Bell County in order to contain the issue. 

The attack on Killeen came one day after Florida’s Sumter County Sheriff’s Office also confirmed that it experienced a ransomware attack.

Officials there said they too cut off all access to the affected servers and immediately began working with Florida Digital Services to investigate the incident.

While they said the incident has not impacted law enforcement service response, they noted that access to “certain records” will be limited for the time being. The statement thanks “numerous” other Sheriff’s Offices who have experienced a similar incident and reached out to offer assistance to them. 

The attack was claimed by the Rhysida ransomware group on Friday and the gang demanded a $400,000 ransom by August 16. 

National leaders express concern about path forward

The attacks on Killeen and Sumter County are part of a string of ransomware incidents affecting healthcare institutions and governments over the last month. 

At the DefCon cybersecurity conference in Las Vegas on Friday, ransomware was one of the biggest topics of conversation among senior leaders within the U.S. government who spoke.

Anne Neuberger, deputy national security adviser for cyber at the White House, told an audience at the event that in 2023 alone, more than $1.3 billion was paid in ransoms, fueling the crisis further.

Neuberger admitted that previous efforts to ban ransom payments are now “paused” because of concerns about the need for hospitals and other organizations to pay immediately to restore services. But she acknowledged that there may be room in the future for “controls” on ransoms that would disincentivize businesses from paying. 

Beyond the concerns about ransom payments, Neuberger acknowledged the lack of answers the government has for the ransomware issue. The inability of U.S. officials to arrest ransomware actors has left them scrambling for other solutions. 

“There isn't law enforcement cooperation today between the U.S. and Russia. From an infrastructure perspective, we've done takedowns of infrastructure, often with partners around the world. They're temporary. There's so much vulnerable infrastructure that attackers can use in the second round,” she said. 

“So the question is, as governments, what should we do about that?”

She listed dozens of initiatives the White House has sought to push to address ransomware, including urging businesses and organizations to have backups in place so they can recover faster without paying ransoms. 

The White House has also launched free programs for hospitals and schools that cannot afford sophisticated cybersecurity protections. 

She also noted that they want to make it riskier and costlier to conduct ransomware attacks globally, spotlighting a recent effort by the State Department to name and put a bounty on several Iranian hackers. 

Another effort taking shape is the Counter Ransomware Initiative. At the end of September, Neuberger said 70 countries will gather to share information on blockchain analysis, regulatory approaches and more in an effort to better coordinate around stopping ransomware. 

But one of the core issues will always be that countries — most notably Russia — are harboring the people conducting attacks and she said it will likely require some amount of government intervention to deal with. 

“Those [need to be] government-to-government conversations. We have to say, this isn't acceptable,” she told attendees. 

Former U.S. Cyber Command and National Security Agency chief Paul Nakasone also spoke at length about the difficulties of the ransomware issue in speeches and a roundtable discussion with reporters on Friday. 

While he believes the ability of law enforcement to attribute attacks is getting better and the amount of partnerships between nations is growing, he said the U.S. “is not keeping up” and argued that a new strategy is needed. 

“We need increased pressures on countries like Russia that allow hackers to conduct criminal attacks into different countries within the world. And we need some new and innovative ideas to be able to address the profit motive and the profitability of what these criminals are doing,” he explained. 

“I am a big believer that there has to be a series of nations that put a lot of pressure on countries like Russia, where these ransomware actors are operating out of. And this is going to require a whole government approach. It's not just NSA and CyberCom, right? This is about the government being able to direct this, saying ‘this is where we need to go and these are the foreign partners we need to bring with us.’”