What is a ransomware attack? This expert says Tarrant County should’ve seen this coming

Noah Alcala Bach/nalcala@star-telegram.com

In the throes of a ransomware attack, the Tarrant County Appraisal District is mulling over whether to pay the hackers’ $700,000 ransom demand.

The Star-Telegram previously reported that the hackers had threatened to release “sensitive” information if their demands are not met, but TAD does not know if they actually have any information, said Lindsay B. Nickle, a cybersecurity attorney from Dallas hired by the district. The district said it is weighing its options, but does not want to pay, Nickle said.

County property owners are wondering what personal information the hackers may have harvested in the attack. In brief, TAD only keeps track of birthday, marital relation, tax filings, and deed filing info. However, Tarrant County Chief Appraiser Joe Don Bobbitt told the Star-Telegram earlier this week that his office only keeps sales data on file.

In Tarrant County’s case, Medusa is the suspected culprit. They have a track record of using extortion as a tactic in negotiations.



Could Tarrant County be more prepared for a ransomware attack?

A Dallas cyber security consultant points out how the county appraisal office could have been more prepared for the attack.

“Tarrant County is not the victim,” said Miguel Clarke, a cyber security expert with a Dallas firm and former FBI agent. “We should be asking ourselves, why didn’t they do more?”

Just a year ago, Dallas got hit with a similar attack. Clarke asks: Why would Fort Worth not expect the same thing to possibly happen to them?

“Fort Worth residents want answers, and TAD should have been able to tell them the specifics of when it happened exactly, and what is the response plan, but they cannot because they have not been practicing for something like this to happen,” Clarke said.

So what exactly is a ransomware attack?

A ransomware attack occurs when hackers breach data servers by surreptitious means, such as targeted phishing operations that harvest login credentials to gain access.

“Ransomware is a type of malware (malicious software) that holds a victim’s data or device hostage, threatening to keep it locked—or worse—unless the victim pays a ransom to the attacker,” according to the IBM website.

It is estimated that more than a billion different malware strains have been created since the 1980s.

Hackers have threatened to release “sensitive” information in the TAD breach if their demands are not met.

There are two kinds of ransomware attacks: encrypting and non-encrypting.

TAD is a victim of the former, in which hackers hold data hostage by encrypting it. TAD’s website has been down since the initial attack on March 21.

A subcategory of an encrypting attack is leakware or doxware, also applicable to TAD’s attack. According to IBM, “Doxware is ransomware that steals, or exfiltrates, sensitive data and threatens to publish it.”

Here’s what that means in plain language:

  • TAD was attacked by hackers who asked for a $700,000 ransom in exchange for not publishing the data they now have.

  • This happened after the hackers gained access to TAD’s data files and encrypted them, locking access to them.

  • TAD has not decided if they will pay because they believe that the hackers do not have possession of sensitive information.
