RansomHub Ransomware Strikes Texas City and Minneapolis Park Agency
The notorious RansomHub cybercriminal operation, responsible for numerous high-profile attacks in 2024, has claimed responsibility for ransomware attacks targeting the city of Coppell, Texas, and the Minneapolis Park and Recreation Board. These attacks, which caused significant disruptions to essential services, highlight the increasing vulnerability of municipal governments to sophisticated cyber threats.
Coppell, Texas: Widespread System Disruptions
The city of Coppell, a Texas city with a population exceeding 40,000, announced technology issues on October 23rd, 2024. These issues stemmed from a RansomHub attack that crippled various city systems. The attack resulted in outages affecting the internet, library services, permit and inspection platforms, and Municipal Court operations. WiFi at city facilities was also compromised.
While city government phone systems were restored by November 1st, libraries remained offline until November 15th. Utility bill platforms were restored on November 14th, but the city extended payment deadlines and waived late fees and service shut-offs.
Most other city operations were back online by November 20th.
Coppell City Manager Mike Land acknowledged that data on one server “may have included partial, and potentially outdated, individual and vendor information,” stating, “We understand our responsibility to protect the information we receive and maintain, and we are working diligently to investigate, resolve this incident, and assist those impacted.”
The city pledged to continue investigating the incident’s root cause and identify those affected. Coppell’s attack follows similar incidents affecting other Texas cities, including Dallas, Fort Worth, and Richardson.
Minneapolis Agency Ransomware Attack: System-Wide Outage
The Minneapolis Park and Recreation Board, managing 7,059 acres of parkland and serving 30 million visitors annually, also fell victim to a RansomHub attack. The agency disclosed the attack last week, revealing that its technology systems were targeted. The attack resulted in a system-wide phone outage.
The MPRB stated, “The MPRB ITS department immediately took action to prevent further impacts. MPRB phone lines are down and MPRB staff are working to determine what information may have been breached/accessed… It is unfortunate that these types of cyber-attacks are now common throughout the private and public sectors.”
This incident follows a previous ransomware attack on Minneapolis’ school system last year, which exposed sensitive student data.
RansomHub’s Expanding Reach and Modus Operandi
Beyond the attacks on Coppell and the Minneapolis agency, RansomHub also claimed responsibility for attacks on two U.S. schools. The group’s rapid rise this year has seen them launch hundreds of attacks against various sectors, including airports, healthcare organizations, manufacturing companies, and critical infrastructure. U.S. law enforcement agencies reported in August that approximately 210 organizations had been victimized by RansomHub since February.
The group’s emergence followed the UnitedHealth Group ransomware attack, which involved data on nearly a third of all Americans. When another ransomware gang was dismantled, hackers reportedly turned to RansomHub, which offered the stolen data for sale. Since then, RansomHub has claimed responsibility for high-profile attacks on Frontier, Rite Aid, Christie’s, the city of Columbus, Ohio, and one of the oldest credit unions in the U.S.
The Minneapolis Agency Ransomware Attack and the Growing Threat to Municipal Governments
The attacks on Coppell and the Minneapolis Park and Recreation Board underscore the escalating threat of ransomware to municipal governments. The sophistication of these attacks, the widespread disruption they cause, and the potential for sensitive data breaches demand a heightened focus on cybersecurity preparedness and response at all levels of government.
The continued success of groups like RansomHub highlights the need for proactive measures, including robust cybersecurity infrastructure, employee training, and effective incident response plans. The impact of these attacks extends beyond immediate service disruptions, affecting public trust and potentially impacting long-term recovery efforts.
