Others Must Learn from Recent Spate of Ransomware Attacks in Texas, Says Krebs

In the wake of the outbreak of ransomware attacks against more than 20 Texas local governments (as WaterISAC reported in its August 20 Security and Resilience Update and in an August 21 advisory),  DHS Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs encouraged organizations to apply the lessons that will emerge from the incidents. While those lessons are still being generated, Krebs underscored the importance of not giving into the attackers’ ransom demands. Krebs explained that paying ransoms is “rife with peril,” asking his audience, “Do you trust a criminal?” He then highlighted how in some cases payouts were handed over only for the victim to find that the decryption wasn’t complete. “So what did you pay for?,” he asked. “If you do pay out you’re just incentivizing the ransomware actor to keep doing this,” he said.” At present, it doesn’t appear as if any of the victims in the recent attacks in Texas have paid the ransoms. Krebs’ comments were made while he was unveiling CISA’s new “Strategic Intent” document. Read the article at Homeland Security Today.