Saturday, April 20, 2024 Apr 20, 2024
66° F Dallas, TX
Local News

North Texas Municipal Water District Becomes Latest Local Entity Hit by a Ransomware Attack

Less than a month after a ransomware attack on Dallas County systems, one of the area's largest water providers falls prey to an attack.
The North Texas Municipal Water District, which serves more than 2.2 million people, confirmed Tuesday that it had been the victim of a ransomware attack. North Texas Municipal Water District

Updated at 11:15 a.m. to include additional information about Daixin.

The North Texas Municipal Water District, one of the region’s largest water providers, is the latest victim of a ransomware attack. The attack, which officials say happened earlier this month, makes the district the fifth local government entity in a year to find itself undoing the damage caused by hackers. 

The ransomware gang Daixin Team claimed responsibility for the attack Monday and said the data it obtained in its attack included names, dates of birth, and Social Security numbers. Experts believe that the group is relatively new and smaller than the Play and Royal gangs that attacked Dallas County and the city of Dallas, respectively. The federal Cybersecurity and Infrastructure Security Agency (CISA) issued information about the group last year.

According to authorities, the ransomware gang has primarily focused its attention on healthcare and public health organizations. Daixin appears to use several methods to gain access to systems, including phishing emails to access VPN credentials and by exploiting vulnerabilities in VPN servers to access a network. 

In a statement to D Magazine, NTMWD spokesperson Alex Johnson said that the district “recently detected” the incident but that most of the access to its network had been restored, with the exception of the utility’s phone system.

“Our core water, wastewater, and solid waste services to our member cities and customers have not been impacted by this incident, and we continue to provide those services as usual,” he said. 

The district supplies drinking water to more than 2.2 million people in North Texas. Member cities include Allen, Frisco, Garland, McKinney, Mesquite, Plano, and Richardson. It also supplies water to several smaller water districts and smaller municipalities.

The district has hired forensic specialists to investigate the attack’s extent and notified law enforcement.

“The investigation is ongoing at this time and includes a review of any potentially impacted District data,” Johnson said. NTMWD will also update its member cities and customers “as appropriate.” 

The attack on the water utility comes on the heels of an October attack on Dallas County. Since November 2022, the Dallas Central Appraisal District, the city of Dallas, the city of Fort Worth, and the aforementioned county have experienced some sort of cybersecurity event. (Fort Worth experienced a data breach from a hacktivist group.)

On Tuesday, the website claimed in a post to have been in contact with a member of Daixin. According to the author, Daixin says it did not touch NTMWD water supply equipment. The site, which is run by an anonymous researcher, is well-known in cyber security circles for monitoring organizations hit by cyber attacks.

Diaxin claimed that a water district representative did begin negotiating with them around Nov. 12.

Negotiations cut off on Nov. 22, according to Daixin. The representative told DataBreaches that customers should “check your water bill carefully,” and alluded to “billing software.”

More than 80 local government agencies have been impacted by Ransomware this year, according to cybersecurity firm Emisoft. That uptick has some states exploring the possibility of banning the practice of paying ransomware gangs. 

Most cybersecurity experts—including State Cybersecurity Coordinator Tony Sauerhoff—say that paying ransomware gangs to decrypt data or prevent them from selling the data they obtain is inadvisable. One recent analysis found that 80 percent of organizations surveyed paid a ransom demand this year.

“You’re dealing with criminals, and you’ve got to pay them first, right? You don’t know if you’re going to get the decryption key,” Sauerhoff said. “You don’t know if they’re going to delete your data. You don’t know if they’re going to come back and tell you next year that they still have your data or if they’re gonna come back next month and exploit the same vulnerability they exploited today.”

In May, Brett Callow, a threat analyst and ransomware expert with Emsisoft, agreed with Sauerhoff’s stance. 

“The government should consider severely limiting the circumstances in which ransoms can be paid,” he said. “Bottom line, less profit would mean less ransomware.”

In 2021, state Rep. Giovanni Capriglione (R-Keller) sponsored legislation that would have prohibited the use of state and local taxpayer money (or any public money) to pay ransomware attackers. That bill died in committee. So far, North Carolina and Florida are the only states to pass legislation that would prevent taxpayer funds from being used in ransom requests.

There are no outright prohibitions on the federal level, either. However, some members of ransomware gangs are on U.S. Treasury Department sanctions lists, which would prevent any payments.


Bethany Erickson

Bethany Erickson

View Profile
Bethany Erickson is the senior digital editor for D Magazine. She's written about real estate, education policy, the stock market, and crime throughout her career, and sometimes all at the same time. She hates lima beans and 5 a.m. and takes SAT practice tests for fun.

Related Articles

Local News

Leading Off (4/19/24)

It's officially playoff time in North Texas.
Local News

Wherein We Ask: WTF Is Going on With DCAD’s Property Valuations?

Property tax valuations have increased by hundreds of thousands for some Dallas homeowners, providing quite a shock. What's up with that?
Local News

Leading Off (4/18/24)

Your Thursday Leading Off is tardy to the party, thanks to some technical difficulties.