The attackers have threatened to start releasing the data they stole in seven days. REvil can only attack Windows systems.
Cooke County had a population of 38.437 at the last US census in 2010 and the seat of the county is in Gainesville. In 2019. the estimated population was 41,257, according to Wikipedia.
It includes Gainesville and TX Micropolitan Statistical Area, which is also included in the Dallas–Fort Worth, TX-OK Combined Statistical Area
About 10.90% of families and 14.10% of the population were below the poverty line, including 19.80% of those under the age of 18 and 10.70% of those aged 65 or over. The median house value in 2015 was US$118,254.
A screenshot from the website of the REvil ransomware attackers. Supplied
The county only has a telephone number for contact and is closed at the moment.
"If REvil has indeed hit Cooke County, it will be at least the fifth US municipality to have had data stolen by a ransomware group," commented Brett Callow, a ransomware threat researcher from the New Zealand-headquartered security firm Emsisoft.
"In three of the previous cases, the stolen data was published – one city paid to prevent publishing. And, of course, there may well be others that we do not know about. So far this year, 58 US state and municipal entities and one federal entity have been affected by ransomware. Last year, 113 were hit at a cost of about US$7.5 billion (including the cost of attacks on the health and education sectors)."
Last December, Emsisoft released a report about the incidence of ransomware attacks on US public sector bodies for 2019, and found that at least 948 government agencies, healthcare providers and educational establishments had been affected.
In the first three months of 2020, however, Emsisoft has seen a downward trend in such attacks, though there is no let-up on attacks on private sector entities.
Callow said local governments needed to improve their security. "Studies and audits have repeatedly shown they practise cyber security poorly, with some even failing to implement best practices that are legally mandated," he said.
"In the past, ransomware attacks were simply expensive inconveniences but, more often than not, they're now data breaches. Should local governments not take immediate action to bolster their security, it is inevitable that more will experience ransomware attacks which result in their data, and their residents' data, leaking online."