The threat actors behind the coordinated ransomware campaign that hit entities in Texas last week are demanding $2.5 million in ransom, the mayor of one city affected by the attack announced this week. The official also said the ransomware had been deployed via the software of the city’s managed service provider (MSP) for IT support. Ransomware campaigns against MSPs are increasing because the compromise of one such firm can enable attackers to subsequently target multiple clients at once.
While the number of victims was initially put at 23, the Texas Department of Information Resources (DIR) has since adjusted the number to 22. Insiders have told ZDNet that the attack involved the well-known ransomware strain Sodinokibi (REvil).
The DIR and other local authorities are investigating the campaign together with various federal agencies including the Department of Homeland Security, the Federal Bureau of Investigation (FBI) and the Federal Emergency Management Agency (FEMA). The authorities believe the campaign was carried out by a single actor. According to the DIR, 25% of the targeted entities have completed their response and assessment efforts and are now working on remediation and recovery.
Read more: Hackers Want $2.5 Million Ransom for Texas Ransomware Attacks