National: Ransomware Can Interfere with Elections and Fuel Disinformation – Basic Cybersecurity Precautions Are Key to Minimizing the Damage | Richard Forno/Government Technology

Government computer systems in Hall County, Georgia, including a voter signature database, were hit by a ransomware attack earlier this fall in the first known ransomware attack on election infrastructure during the 2020 presidential election. Thankfully, county officials reported that the voting process for its citizens was not disrupted. The attack follows on the heels of a ransomware attack last month on eResearchTechnology, a company that provides software used in clinical trials, including trials for COVID-19 tests, treatments and vaccines. Less than a week after the attack in Georgia was revealed, the FBI warned that cyber criminals have unleashed a wave of ransomware attacks targeting hospital information systems. Attacks like these underscore the challenges that cybersecurity experts face daily – and which loom over the upcoming election. As a cybersecurity professional and researcher, I can attest that there is no silver bullet for defeating cyber threats like ransomware. Rather, defending against them comes down to the actions of thousands of IT staff and millions of computer users in organizations large and small across the country by embracing and applying the basic good computing practices and IT procedures that have been promoted for years.

Full Article: Ransomware Can Interfere with Elections and Fuel Disinformation – Basic Cybersecurity Precautions Are Key to Minimizing the Damage

Georgia election networks untouched by Hall County ransomware attack | Mark Niesse/The Atlanta Journal-Constitution

A ransomware attack that took over some Hall County election information won’t harm other Georgia election systems, according to the secretary of state’s office. “There is no connective tissue between those things, so I want to put everyone’s mind at ease on that,” Gabriel Sterling, the state’s voting system manager, said during a meeting Thursday of Georgia’s new Safe, Secure, and Accessible Elections Task Force. Hackers penetrated Hall’s networks and captured some election information, hindering the county’s ability to verify voter signatures on absentee ballot envelopes, Sterling said. “They weren’t targeting an election system. They were just targeting anywhere where they could get in,” Sterling said. “It never touched the state system.”

Full Article: A ransomware attack in Hall County didn’t infect Georgia election systems

National: Maze Ransomware Is An Election Night Threat | Calvin Hennick/StateTech Magazine

Imagine it: It’s election night, and the results are starting to trickle in. Then, just as the electoral picture is beginning to come into focus, large voting precincts in critical swing states begin to experience problems. Voter registration databases are inaccessible to election officials, and even the websites where results are posted come crashing down. The culprit? It’s ransomware — specifically Maze ransomware. This is a nightmare scenario, but one that Chase Cunningham, principal analyst and vice president serving security and risk professionals for Forrester, says could really happen… “I think there should be a whole lot more worry about it,” says Cunningham. “I think we’re going to see a ransomware event in a major district, and it’s going to cause civil unrest. Of all the things that concern me about the election cycle, that is the one that keeps me awake at night.” Maze ransomware, a new type of threat discovered in 2019, is a major point of concern. Here’s what state, county and local officials need to know about the threat, why voting systems are particularly vulnerable and what can be done to protect their systems before Nov. 3.

Full Article: How Maze Ransomware Threatens Voter Databases | StateTech Magazine

Georgia: Hacker Releases Hall County Election Data After Ransom Not Paid | Tawnell D. Hobbs/Wall Street Journal

A computer hacker who took over networks maintained by Hall County, Ga., escalated demands this week by publicly releasing election-related files after a ransom wasn’t paid, heightening concerns about the security of voting from cyberattacks. A website maintained by the hacker lists Hall County along with other hacked entities as those whose “time to pay is over,” according to a Wall Street Journal review of the hacker’s website. The Hall County files are labeled as “example files,” which typically are nonsensitive and used to encourage payment before a possible bigger rollout of often more-compromising information. The release of some of Hall County files came Tuesday, one week before the 2020 presidential election, in which election security has been a major focus. Recent polls show the race has tightened in Georgia, which was last won by a Democrat in 1992, and former Vice President Joe Biden, the Democratic nominee, made a campaign appearance there Tuesday.

Full Article: Hacker Releases Georgia County Election Data After Ransom Not Paid – WSJ

Virginia computers targeted by Trickbot malware before election | Mike Valerio/WUSA

Only days before the November election, Microsoft turned to a federal judge in Alexandria, arguing a ransomware network run by Russian-speaking cyber criminals posed a growing threat to the integrity of the vote. The corporation asserted its computer code is illegally used to operate Trickbot ransomware, a virus weaponized to lock electronic networks and make computers inoperable. That is, until a ransom is paid to the hackers. “Defendants have directed malicious computer code at the computers of individual users located in Virginia and the Eastern District of Virginia,” lawyers for Microsoft wrote in an October 6 federal civil complaint. “Defendants have attempted to and, in fact, have infected such user’s computers with malicious computer code.” The court this month granted approval for Microsoft to disable Trickbot servers and IP addresses, as the Pentagon’s U.S. Cyber Command launched a parallel action to neutralize the global botnet.

Full Article: Trickbot malware targeted Virginia computers before election | wusa9.com

Georgia: Ransomware hit Hall County. That didn’t stop its ballot counting. | Kevin Collier/NBC

A Georgia county has reverted to matching some absentee ballot signatures to paper backups, rather than an online system, after a ransomware infection spread to part of its election department. Poll workers in Hall County have since caught up on a backlog of absentee ballots, state officials said, and said there’s no danger of the ransomware extending to systems used to cast or count votes. But the infection is the first known example in the 2020 general election of opportunistic criminal hackers incidentally slowing the broader election process, something that federal cybersecurity officials have warned is a strong possibility.But the attack does not indicate any broad effort to tamper with U.S. voting or show systemic vulnerabilities to the U.S. election system. “They switched over to their paper backups, which is required of them,” said Jordan Fuchs, Georgia’s deputy secretary of state. “It took a little bit of work on their part — I think they had 11 days of catch-up to do — and they completed their task,” she said. A spokesperson for the county, Katie Crumley, said in an email, “For security purposes, we are not commenting on any specifics related to the ransomware attack.”

New York: Some ballot requests may be affected by Chenango County cyber attack | Associated Press

A hacker attack against an upstate New York county’s computer system raised concern that some emailed absentee ballot applications may not be processed, but the state Board of Elections said voting won’t be affected overall. The cyber attack on Oct. 18 encrypted about 200 computers operated by Chenango County and hackers demanded ransom of $450 per computer to unlock the files, Herman Ericksen, the county’s information technology director, said Monday. “We are not paying the ransom,” he said. Last week, the county board of elections released a public statement urging anyone who had sent an absentee ballot application by email since Oct. 15 to call the board to verify it had been received. The statement said the cyber attack would not otherwise impact voting because “the board has redundancies in place that will allow the secure and effective administration of the general election.”

National: US Cyber Command Teams With Microsoft To Limit TrickBot Botnet Ahead of Expected Election Interference | Scott Ikeda/CPO Magazine

Malware-as-a-Service (MaaS) giant TrickBot, a botnet estimated to be about one to three million computers strong, is the world’s largest of its kind and the biggest distributor of ransomware. Already wreaking havoc on the United States for several years, the US Cyber Command is also expecting it to be involved in election interference attempts ahead of the 2020 vote. Both Cyber Command and Microsoft are actively running persistent operations against the Trickbot botnet in an effort to reduce its capability, and there have been some significant successes. Cyber Command is the Pentagon’s offensive force in cyberspace, engaging in active measures against threat actors. The agency has been tracking TrickBot for some time; it came onto the US government’s radar after the Department of Homeland Security (DHS) issued reports indicating that it was a substantial ransomware threat to state and local IT networks. TrickBot not only poses a threat to the 2020 election, but also is an ongoing potential risk to disrupt critical infrastructure such as patient care facilities, financial institutions and utilities.

National: Ransomware feared as possible saboteur for November election | Eric Tucker, Christina A. Cassidy and Frank Bajak/Associated Press

Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal. Ransomware attacks targeting state and local governments have been on the rise, with cyber criminals seeking quick money by seizing data and holding it hostage until they get paid. The fear is that such attacks could affect voting systems directly or even indirectly, by infecting broader government networks that include electoral databases. Even if a ransomware attack fails to disrupt elections, it could nonetheless rattle confidence in the vote. On the spectrum of threats from the fantastical to the more probable, experts and officials say ransomware is a particularly realistic possibility because the attacks are already so pervasive and lucrative. The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks. “From the standpoint of confidence in the system, I think it is much easier to disrupt a network and prevent it from operating than it is to change votes,” Adam Hickey, a Justice Department deputy assistant attorney general, said in an interview. The scenario is relatively simple: Plant malware on multiple networks that affect voter registration databases and activate it just before an election. Or target vote-reporting and tabulation systems.

National: Ransomware continues to be election-security fear for local officials | Benjamin Freed/StateScoop

The 2020 presidential election has already been upended by a disastrous pandemic that’s forced states to re-evaluate the methods by which people will vote this year. But election administrators, especially at the local level, must still contented with digital threats, like ransomware attacks, that could potentially disrupt voting infrastructure and create chaos on or after Nov. 3, county officials were warned last week during a webinar. The hourlong event, hosted by the National Association of Counties, laid out what a ransomware attack could do to a county’s ability to safely and accurately carry out an election. Ryan Macias, a former technology specialist with the federal Election Assistance Commission who is now an election security consultant to the Department of Homeland Security, laid out a pair of unsettling scenarios. “Picture it being National Voter Registration Day, Sept. 22, and your entire voter registration database is locked up,” he said. “Picture [on Nov. 3] that you’re getting to 8 p.m., close of polls, and you see a message that says: ‘Your system is locked up and you have no results for this election unless you pay us a ransom.’”

New Mexico: Rio Arriba County hit in ransomware cyberattack | Amanda Martinez/Santa Fe New Mexican

Rio Arriba County government was the victim of a ransomware cyberattack, with a significant but still unknown number of its network servers, electronic files and databases having been encrypted, according to a Wednesday news release. “While the exact extent of this cyberattack has not yet been determined, what is known is that nearly every county server that has files or databases on it has been affected in some way, including the County’s backup servers,” the news release states. Raymond Ortiz, the county’s information technology consultant, confirmed the cyberattack Wednesday but said he could not provide further comment. County Manager Tomas Campós did not immediately return a message. The affected servers, files and databases cannot be accessed, reviewed or edited. Officials discovered agencies had been victims of the cyberattack Tuesday and reported the intrusion to the county’s insurance company and federal law enforcement authorities, according to the news release.

North Carolina: Two ‘Russian’ Ransomware Attacks Take Down Durham North Carolina City And County Government Systems | Davey Winder/Forbes

The same Russian ransomware that is thought to have been responsible for the City of New Orleans state of emergency last year has now struck Durham City and the County of Durham in North Carolina. As 2019 wound down to an end, the City of New Orleans was hit by a ransomware attack, thought to be attributable to Ryuk. That attack was severe enough for Mayor LaToya Cantrell to declare a state of emergency. Now the City of Durham and Durham County, in North Carolina, have had to shut down networks after being hit by the same Russian ransomware. The City of Durham and Durham County Government IT systems were subject to a successful cyber-attack late Friday evening, March 6. Malware detection systems kicked in to provide immediate notification of the attack, and networks were closed down to prevent further spread. The incident was described as a cyber malware attack, or rather “two separate attacks” at a press conference held by officials Monday, March 9. Thomas Bonfield, Durham City manager, said that while the malware had “been contained ” and the city was in recovery mode, “most city networks and phones remain intentionally offline during the initial stages of the recovery process.” Bonfield said that the National Guard cybersecurity team was helping with the recovery effort. It should be noted, however, that critical public safety systems, including access to the 911 network, remained operational thanks to the emergency cyber-attack remediation process.

North Carolina: Ransomware Attack Hits Durham North Carolina City, County Governments | Lucas Ropek/Government Technology

Hackers of “Russian” origin targeted the city and county governments of Durham, N.C., over the weekend, hampering computer and communications networks with ransomware, according to local officials. The attack, which used the infamous Ryuk malware strain typically spread through malicious attachments in phishing emails, was carried out late Friday by a Russian hacking group, according to the North Carolina State Bureau of Investigations, one of the agencies looking into the attack. On the heels of a year with a precipitous rise in ransomware attacks on state and local government, the incident is one of several to occur in the first few months of 2020 that show the trend does not seem to be slowing.  City and county officials confirmed during a joint press conference Monday that the malware appears to have spread after internal employees clicked on infected emails.

National: Ransomware top of mind for DHS cyber chief | Derek B. Johnson/FCW

The Department of Homeland Security’s cyber chief said his organization is trying to do more to address ransomware and other digital threats that directly touch the lives of citizens. Speaking at the RSA Conference in San Francisco, Cybersecurity and Infrastructure Security Agency Director Christopher Krebs said his agency has stepped up efforts to proactively reach out to federal agencies, local governments, businesses and critical infrastructure managers about how to prepare and what to do if their data is encrypted and held ransom by criminals or state-aligned hacking groups. “For years and years and years, particularly in the federal government, we’ve been focused on the nation-state adversary, the highly capable, the big four: Russia, China, Iran [and] North Korea,” he said. “I think we’ve been a little bit late to the game on ransomware,” he said, adding, it’s what average Americans see “in their schools, their hospitals and their municipal agencies.” Krebs described CISA’s role as that of a middleman uniquely positioned to canvass all the major stakeholders in the cybersecurity ecosystem and “facilitate a knowledge transfer from the haves to the have-nots.” CISA can leverage the collective financial and human capital resources of the big fish — like major banks — and push that knowledge and awareness down the chain to the broader cybersecurity ecosystem.

Florida: Cyber experts: Public should have known about 2016 Palm Beach County elections ransomware | Hannah Morse/The Palm Beach Post

In the wake of the dispute over the cyber intrusion at the county elections office, The Palm Beach Post asked a series of security professionals to weigh in on the revelation of the Zepto virus exposure in September 2016. Is three years too long to learn that a ransomware attack happened at the Palm Beach County Supervisor of Elections Office? Yes, say cybersecurity and IT experts. In the wake of the dispute over the cyber intrusion at the county elections office, The Palm Beach Post asked a series of security professionals to weigh in on the revelation of the Zepto virus exposure in September 2016. “Not only should they report this, they should understand that just because everything seems normal it might not necessarily be,” said Silka Gonzalez, founder of ERMProtect in Coral Gables. “Even if a hacker is already inside your network and passively stealing your information everything in your workplace is going to look normal and ‘business as usual.’ These things don’t come with sirens and red lights.” The scrutiny over Zepto and its purported encroachment by an unknown entity through an elections office computer in the weeks before the 2016 presidential vote has been a source of controversy. This month, current Supervisor of Elections Wendy Sartory Link revealed the previously unknown cyber attack via a Zepto virus. The severity of the episode, however, has been disputed by her predecessor, Susan Bucher.

Florida: Palm Beach County elections ransomware attack raises security questions | Anthony Man and Skyler Swisher/South Florida Sun-Sentinel

From Tallahassee to Washington, D.C., officials and citizens voiced concern Thursday over an until-now undisclosed ransomware attack on the Palm Beach County elections office during the 2016 election season. The bombshell disclosure about the attack came from Supervisor of Elections Wendy Sartory Link, who said Wednesday she learned in November about the ransomware attack. Link, who took office in January 2019, said some of the agency’s data was corrupted, but the problem apparently was corrected and didn’t affect the November 2016 elections. The picture was muddied by the response from Susan Bucher, the supervisor of elections at the time, who said it never happened. The current county elections chief said she wasn’t trying to alarm the public — but the disclosure heightened concerns for some, coming just five weeks before Florida’s presidential primary and the local government elections for 20 cities, towns and villages in Palm Beach County.

Florida: DHS preparing report on 2016 Palm Beach election ransomware | David Smiley and Nicholas Nehamas/Miami Herald

Less than five weeks before Florida’s March presidential primary, the Department of Homeland Security is investigating a previously unreported cyber attack on Palm Beach County’s elections office, according to Supervisor of Elections Wendy Sartory Link. Link, who was appointed last year by the governor to oversee the county’s beleaguered elections department, said she contacted the FBI in November after a veteran IT employee told her that the office had been infected by a ransomware virus only a few weeks prior to the 2016 election. The virus was not publicly disclosed in 2016. Link said the FBI referred her to DHS, which sent a team of a half-dozen employees to her office late last month to do a “deep dive” into her department’s network. She said a report of their findings and recommendations is expected shortly. “We’ve had the top experts in the country here and they spent a lot of time with our system. When we get the report, we’ll be able to take care of everything we can take care of,” Link said in an interview Thursday. “I wanted this done before March if at all possible.”

Florida: Palm Beach County elections office hit by ransomware before 2016 election | Hannah Morse/The Palm Beach Post

Current Palm Beach County elections supervisor Wendy Sartory Link said she recently learned about a 2016 ransomware attack at the elections office. Weeks before the 2016 election that would usher in Donald Trump as president, the Palm Beach County Supervisor of Elections Office was subject to a ransomware attack, elections supervisor Wendy Sartory Link told The Palm Beach Post on Wednesday. The attack more than three years ago happened while Susan Bucher was elections supervisor, but Link said she was unsure how the virus infiltrated the system. “We weren’t part of that, but have we been hacked in Palm Beach County? Yeah, we have,” Link said during an editorial board interview. But Link said she does not believe the ransomware attack against the county is one of the two Russian hacking attempts in Florida revealed in former Special Counsel Robert Mueller’s report last April.

Wisconsin: Cities Still Recovering From January Cyberattacks | Miranda Suarez/Wisconsin Public Radio

Two Wisconsin cities are still recovering after they were hit with ransomware in January, and one state official predicts those kinds of attacks will only get worse in the future. Ransomware is a kind of cyberattack that locks governments or companies out of their data, usually demanding money in exchange for access. It often enters a system through phishing emails, which contain a shady link or attachment. Ransomware shut down internal computer systems, like email, in Oshkosh and Racine on Jan. 28 and Jan. 31, respectively. Oshkosh city spokesperson Emily Springstroh said the city is mostly back online, but they don’t know yet how the virus got in.

Louisiana: Hacks on Louisiana Parishes Hint at Nightmare Election Scenario | Kartikay Mehrotra/Bloomberg

James Wroten called the clerk of court in Vernon Parish, Louisiana last November with an urgent message. The timing wasn’t convenient. The clerk, Jeffrey Skidmore, was relaxing on his back porch and hoping to soak in some final moments of quiet before state and local elections. Skidmore let the call go to voicemail. But Wroten, whose company manages IT services for small companies and local governments, persisted until Skidmore finally picked up. “He told me we’d been infected by ransomware and to ask all 14 of my employees not to go into the office or try to access any of their files,” said Skidmore. “I was stunned. We had an election in six days.” That call, Wroten later recalled, was the start of one of the worst weeks of his life. Hackers had infiltrated Wroten’s company, Need Computer Help. From there, the attackers used the connections Wroten’s employees need to do their job in order to breach the networks of Vernon Parish and six other local parishes, the Louisiana equivalent of counties. The attacks highlight how vulnerable local jurisdictions remain despite four years of efforts to shore up defenses in preparation for the 2020 presidential election.

National: Election officials are watching how their states respond to cyberattacks | Benjamin Freed/StateScoop

State election officials said Tuesday that they’ve been watching how their state governments have responded to incidents like ransomware attacks as lessons on what they would do if the voter registration databases, vote-total reporting systems and other components of election infrastructure that they manage were targeted. Though the ransomware incidents that have spread through state and local governments across the United States have largely spared election systems from the worst, debilitating effects, the Department of Homeland Security last year said that local officials could be targeted by viruses that lock them out of voter rolls unless they pay a financial demand. And at a conference in Washington hosted by the Election Assistance Commission, state officials said they are paying attention to ransomware wave.

Louisiana: Cyber Attack Has Louisiana State Lawmakers Asking Questions | Chuck Smith/Red River Radio

The ransom-ware  cyberattack that occurred two weeks ago on Louisiana’s state government computer servers disrupted several state agency operations and prompted Governor John Bel Edwards to declare a state of emergency. The state activated its cybersecurity response team following the ransomware attack on government servers, and according to a press release the state did not lose any data nor pay any ransom, AND no personal data was compromised as state cyber-experts explained the attack was aimed at disrupting state server operations only. The shut-down was to prevent any unauthorized access and allow tech teams to take necessary cyber-security measures. While inconvenient the breach was nowhere near the worst-case scenario, of widespread  data  theft  or  crippled government services  for weeks or months. During  a recent meeting of the Joint House and Senate Budget Committee, Republican  Sen. Sharon  Hewitt  from  Slidell  praised  the quick response from Louisiana’s technology services office to the Nov. 18th  ransom-ware, but asked about  potential  vulnerabilities for future attacks.

Louisiana: No data lost, no ransom paid in Louisiana cyber attack; Ardoin says no impact on state elections | Mark Ballard/The Advocate

Monday’s ransomware attack, which crippled about 10% of the state’s computer network servers just hours after votes were tallied in statewide elections for governor, legislative seats and other positions prompted many to look for intrigue, a legislative panel heard Friday. “A lot of the conspiracy theorists are calling me,” said state Sen. Bodi White, R-Central. He questioned whether the attack, which kept many in state government from using their computers throughout much of the week, could cause problems for certification of election results or changed numbers in election returns. Secretary of State Kyle Ardoin said no. “Nothing impacted our system,” Ardoin said in an interview Friday. The website was down for a while. But, for the most part, the election office’s databases for voters and votes are separate from the state system.

Louisiana: Louisiana was hit by Ryuk, triggering another cyber-emergency | Sean Gallagher/Ars Technica

In October, the Federal Bureau of Investigation issued a warning of increased targeting by ransomware operators of “big game”—targets with deep pockets and critical data that were more likely to pay ransoms to restore their systems. The past week has shown that warning was for good reason. On November 18, a ransomware attack caused Louisiana’s Office of Technology Services to shut down parts of its network, including the systems of several major state agencies. These included the governor’s office, the Department of Health (including Medicare systems), the Department of Children and Family Services, the Department of Motor Vehicles, and the Department of Transportation. Louisiana Governor John Bel Edwards activated the state’s cybersecurity response team. While some services have been brought back online—in some cases, within hours—others are still in the process of being restored. Most of the interrupted services were caused by “our aggressive actions to combat the attack,” according to Louisiana Commissioner of Administration Jay Dardenne. “We are confident we did not have any lost data, and we appreciate the public’s patience as we continue to bring services online over the next few days.”

Louisiana: Government computers knocked out after ransomware attack | Christopher Bing & Raphael Satter/Reuters

Louisiana state government computers were knocked out following a ransomware attack, the governor said on Monday, as results from the close gubernatorial election in the southern state await certification. Many state agencies had their servers taken down in response to the attack, Governor John Bel Edwards said in a series of messages posted to Twitter. He said the agencies were coming back online but that full restoration could take “several days.” “There is no anticipated data loss and the state did not pay a ransom,” he said. Ransomware works by scrambling data held on vulnerable computers and demanding a payment to unlock it. Louisiana Secretary of State spokesman Tyler Brey said that while his office’s website was briefly offline, the tallying of Saturday’s vote, in which Bel Edwards narrowly won re-election, was unaffected. The vote drew national attention following U.S. President Donald Trump’s well-publicized endorsement of Bel Edward’s Republican challenger, Eddie Rispone.

National: States brace for ransomware assaults on voter registries | Laura Hautala/CNET

Extortionists have recently shut down municipal computer systems in Texas, Maryland, Florida and New York, threatening to erase databases unless the cities pay a ransom. Now officials around the country are concerned the tool the hackers used, known as ransomware, could be tapped to target state voter registration rolls and disrupt confidence as the nation heads into the 2020 election. Illinois, for example, is making its voter registration database accessible only from a closed fiber optic network, rather than the open internet, according to Matt Deitrich, a spokesman for the State Board of Elections. The Prairie State is making progress, though it still has a way to go, he says. Less than a third of its 108 jurisdictions currently connect to the database via the dedicated network. The security effort is worth it, Deitrich says. If a hacker successfully hits even one county’s election agency with ransomware, that can create the impression the whole system is compromised. “It’s a phenomenon that can undermine voter confidence,” Deitrich said. Ransomware would be a new feature of election hacking, which came to public attention after intelligence officials said Russian hackers probed voter registries during the 2016 presidential campaign. A ransomware attack in 2020 could prove devastating, preventing voters from registering or poll workers from confirming voter eligibility, officials say. The hackers’ goal wouldn’t be changing the votes that were cast, but spreading doubt that eligible voters were able to make their voices heard.

National: Ransomware threat raises National Guard’s role in state cybersecurity | Benjamin Freed/StateScoop

National Guard units already play a large role in state governments’ cybersecurity activities, such as protecting election systems, but the threat of ransomware to cripple a state or city organization is a growing concern for uniformed personnel, the top military official overseeing the National Guard across the United States said. While Americans are long used to seeing guardsmen and women roll into to disaster-stricken areas after a hurricane or wildfire, deployments following cyberattacks are increasingly common, Air Force Gen. Joseph Lengyel said Friday on a conference call with reporters, likening the recent ransomware incidents in Texas and Louisiana to a “cyber storm,” though not quite a “cyber hurricane.” “We’re seeing the whole of the first responder networks come to assist and mitigate the damage and get everything back up and running, and the National Guard is part of that response,” he said.

National: U.S. officials fear ransomware attack against 2020 election | Christopher Bing/Reuters

The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election. These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials. “We assess these systems as high risk,” said a senior U.S. official, because they are one of the few pieces of election technology regularly connected to the Internet. The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta. “Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

Texas: Ransomware Attack Hits 22 Texas Towns, Authorities Say | Manny Fernandez, Mihir Zaveri and Emily S. Rueb/The New York Times

Computer systems in 22 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack that has sent state emergency-management officials scrambling and prompted a federal investigation, the authorities said. The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the “ransomware attack,” in which hackers remotely block access to important data until a ransom is paid. Such attacks are a growing problem for city, county and state governments, court systems and school districts nationwide. By Tuesday afternoon, Texas officials had lowered the number of towns affected to 22 from 23 and said several government agencies whose systems were attacked were back to “operations as usual.” The ransomware virus appeared to affect certain agencies in the 22 towns, not entire government computer systems. Officials said that there were common threads among the 22 entities and that the attacks appeared not to be random, but they declined to elaborate, citing a federal investigation. It was unclear who was responsible. The state described the attacker only as “one single threat actor.”