“Once it’s activated, your computer system is
effectively locked from use until you pay that
ransom as requested,” he said.
Cybersecurity experts said the number of
cities affected by the Texas attack far exceeds
attention-grabbing hacks of individual systems
owned by cities, counties and state agencies in
recent years.
The best recourse for victims of a ransomware
attack is to restore the captive systems from a
saved backup, assuming they have one, said
Brian Calkin, chief technology officer for the
Center for Internet Security. If not, officials must
decide whether to pay the ransom or rebuild
their system from scratch.
“Ransomware is mostly opportunistic,” Calkin
said. “They’re casting as wide a net as possible
and they want to see whoever they can catch
and compromise.”
State and federal agencies, including the
Department of Homeland Security and the
FBI, are working with the affected Texas cities.
Sprehe declined to provide more detail on the
number of cities that have resumed normal
activity or details of their recovery.
In Keene, a community of about 6,000 people
about 45 miles (72 kilometers) southwest of
Dallas, the attack took down all municipal
computers and left the city unable to process
credit card payments, said Landis Adams, the
city’s economic development director.
City staff first noticed server problems early
Friday morning and the computers of its
roughly 50 employees have been unusable
since, he said.