State cyberteam helps agencies respond to uptick in ransomware attacks

Heather Osbourne
hosbourne@statesman.com
Sgt. 1st Class Roland Cisneros, of the Texas Military Cyber Incident Response Team, works at Camp Mabry on Tuesday. [JAY JANNER/AMERICAN-STATESMAN]

It’s a new era for criminals in the digital age.

As data is emerging as one of the world’s most valuable resources, some cities in Texas have already fallen victim to a lucrative criminal digital heist known as ransomware — a virus that blocks access to your data for a payout.

In response to the growing threat, a team of tech-savvy Texans is helping chart a strategy for immobilizing attacks and helping victims recover from data breaches.

The Texas Military Department — the umbrella agency for the state’s National Guard branches — will host hundreds of state, local and county officials at Camp Mabry in Austin on Thursday to show how its Cyber Incident Response Team plans to handle future attacks while offering tips to protect valuable software.

Ransomware made headlines across the state in August after over 20 Texas entities were attacked. This virus crippled digital operations in several cities, cutting access to utility payments and other public records such as birth and death certificates.

The Travis Central Appraisal District also was infected by a ransomware virus in September that shut down access to the district’s website for a week.

Lt. Col. Chris Winnek, cyberoperations chief for the Texas Military Department, said these criminal operations originally targeted rural areas, but have since branched out to larger U.S. cities like Austin and Atlanta as many businesses, organizations and municipalities continue to pay ransom to recover stolen data.

The city of Atlanta was forced to pay $2.6 million for recovery efforts alone after the city refused to pay a ransom of about $50,000 following a 2018 attack.

“The cyber domain is a new frontier,” Winnek said. “We fully expect to see more incidents. As long as people are willing to pay ransoms, it’s going to be an ongoing issue.”

The Texas Military Department has recruited about 100 ransomware experts, a team made up of military and civilian volunteers, who were the first to respond to the August attacks, according to Winnek.

Half of the cybersecurity team's members work for the Army Guard, Air Guard and State Guard in cybersecurity. Others are civilian volunteers, some of whom work as bus drivers or teachers but are talented in information security and assist the military only when needed.

“We’re Texans serving Texans,” Winnek said. “Our teams are boots on the ground to meet with officials to figure out what systems are affected and develop priorities for restoration.”

The Texas Military Department declined to release how much funding the cybersecurity team receives. Officials did release a statement, however, saying that 96% of the agency’s budget is federally funded while the rest comes from the state’s general revenue fund.

Winnek said the Cyber Incident Response Team members also assist with federal attacks. He said the team is not, however, tasked with helping track down the criminals, but instead collects evidence to pass to such organizations as the FBI and U.S. Secret Service.

“After we work with officials to figure out what systems are affected, we then develop priorities for restoration,” Winnek said.

Local experts on Thursday plan to discuss previous attacks while brainstorming better responses to cyberemergencies in the future.

“Last year, we started this event and the energy and collaboration and partnership that occurred was unbelievable,” Winnek said. “We’re going to teach people how to prepare and get their critical data backed up. If data is backed up, then the ransom is meaningless.”

Federal and state officials strongly advise government entities and other hacking victims to not pay a ransom to retrieve their data. Instead, according to Winnek, they should work to prevent another such attack in the future.

“The same vulnerabilities will still be out there, and the bad guys could re-encrypt it and hit you up again,” he said. “If you don’t have backups, consider that data gone and move on.”