The ransomware used in a coordinated attack on 23 local Texas governments encrypts files and adds a .JSE extension at the end. Here’s how to prevent an attack.

On Friday, 23 local Texas government offices were hit with a coordinated ransomware attack, our sister site ZDNet reported. Evidence suggests that the attacks came from a single threat actor, according to the Texas Department of Information Resources (DIR). 

"Responders are actively working with these entities to bring their systems back online," the DIR wrote in a press release. The state government network has not been impacted. The FBI, the Department of Homeland Security, and several other agencies are helping respond to the attack.

The ransomware that infected the government networks encrypts files and adds a .JSE extension at the end, ZDNet reported. While this strain of ransomware does not have its own name, and is generally called "the .JSE ransomware," some vendors detect it as Nemucod.

This form of attack is different from others of the same nature in that it does not leave a ransom note behind, which confuses victims who are unsure of what happened, ZDNet noted. These attacks are becoming more common against US cities: A similarly coordinated ransomware attack hit several Louisiana school districts in July, prompting the governor to declare a state of emergency. 

To keep their businesses safe from ransomware, IT and cybersecurity leaders should do the following, TechRepublic reported:

  1. Keep clear inventories of all of your digital assets and their locations, so cyber criminals do not attack a system you are unaware of.
  2. Keep all software up to date, including operating systems and applications.
  3. Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
  4. Back up all information to a secure, offsite location.
  5. Segment your network: Don’t place all data on one file share accessed by everyone in the company.
  6. Train staff on cyber security practices, emphasizing not opening attachments or links from unknown sources.
  7. Develop a communication strategy to inform employees if a virus reaches the company network.
  8. Before an attack happens, work with your board to determine whether your company will pay a ransom or launch an investigation.
  9. Perform a threat analysis in communication with vendors to review the cyber security of a particular device or application throughout its lifecycle.
  10. Instruct information security teams to perform penetration testing to find any vulnerabilities.