
Almost all Tarrant Appraisal District systems back online after attack

Fort Worth Report

More security improvements are coming to the Tarrant Appraisal District, and systems are mostly back online after a cyberattack took them out of commission, Chief Appraiser Joe Don Bobbitt announced during an April 22 board of directors meeting.

It has been nearly a month since the Tarrant Appraisal District was the victim of a ransomware attack by the hacking group Medusa. Since the initial attack, the compromised data has been leaked on the internet and the appraisal district has been purchasing additional equipment to beef up their system’s security.

In an April 18 appraisal district meeting with representatives of the taxing entities, Bobbitt said the agency is still investigating how the virus entered the system.

“We have learned a lot of lessons on other avenues that could have happened, things we need to tighten up on,” he said. “Some of it has to do with hardware; some of our equipment is quite old, so we’ll be asking the board of directors to allow us to buy new equipment to replace that.”

At the April 22 meeting, they did just that. The board voted to retain its cybersecurity consultant for $25,000, as well as purchase $230,000 worth of new hardware equipment to enhance security.

On March 25, board members approved the purchase of Office 365 and SentinelOne software for added security. They also approved an agreement with Improving Enterprises for network support, security and system reviews, at a total cost of around $235,000. In all, board members have approved $490,000 in security upgrades since the ransomware attack.

Brett Callow, a threat analyst at Emsisoft, an antivirus software company focused on ransomware attacks, said organizations often address gaps in their security after incidents like a cyberattack, rather than before, by adding more or new security layers.

“They want to be seen to be doing something to ensure that this won’t happen again,” he said.

That’s not always necessary and doesn’t always mean the system is more secure, Callow said.

“Attacks are typically complex and multistage. When the attackers initially gain access to a network, they can disable whatever security product was running, which then allows them to deploy their own firmware, which encrypts the files. And potentially they can do that no matter which product is running,” Callow said.

Online protest options expected back soon

The data leak and continuous system disruption came during the district’s busiest time of the year: appraisal protests. Every year, taxpayers have the right to protest their property appraisal if they believe it is inaccurate.

Property owners who wish to appeal their appraisals have until May 15 or 30 days after receipt to file, whichever comes later. At this time, no extension is expected.

Residential appraisals are up 7% this year in most parts of the county, Bobbitt said.

He announced that the dashboard and online protest options will be back online by the end of the week. Property owners looking to protest their appraisal can either wait a few days for the system to be fully functional or come into the office, where stations with appraisers have been set up to resolve issues, he said.

“We do have the TAD Express, where we have appraisers waiting and they’ll actually sit down with people and actually help them go through their evaluation, explain it, possibly even resolve it without having to come back into a full form of protest — 90% actually get resolved,” Bobbitt said.

District offers identity protection, refused to pay ransom

Early estimates by the outside counsel hired by the appraisal district found that about 300 individuals were potentially affected by the data hack. The board remains confident in that number.

The appraisal district is offering identity theft protection to those who were affected by the data leak. The same security firm the district is using will monitor the victims’ credit scores for any suspicious activity.

Board member Gloria Peña emphasized the importance of safe practices in this digital age, when more information than ever is available online.

“I would advise everybody, whether you received a letter or not, you should practice safe security and change your passwords,” Peña said. “The dark web’s out there, and I don’t know if there’s anything we can do. … It’s a shame that we’re at that point in time that we have to be worried about this stuff.”

The initial ransom demand by Medusa was $700,000, but the amount was eventually reduced to $100,000. Bobbitt said the hackers brought the number down over time in an attempt to get some amount out of the appraisal district.

The board never paid Medusa, in accordance with FBI and cybersecurity expert guidelines and recommendations.

“As long as agencies continue to pay, then it makes it a viable business for the future. And with the amount of information that we had, most of us expected, you know, assumed it to be already public,” Bobbitt said. “So we’d be paying $700,000 to protect something that’s already out there.”

Appraisal district exploring new system software

More changes to how the appraisal district functions are on the horizon. At the April 18 meeting, Bobbitt said the district is working with the state to find new system software.

“We’re actively working on it right now. But we don’t know (how long it will take),” he said. “We’re moving as fast as we can.”

Bobbitt is hoping to have a contract with the vendor for a new system by August and transition to the new software by next year. He acknowledged that’s a very optimistic timeline.

He estimates the new system software could cost about $3 million. The appraisal district is looking for ways to fund that purchase.

“The software we have is pretty bad,” Bobbitt told taxing entities at the April 18 meeting.

Sandra Sadek is a Report for America corps member, covering growth for the Fort Worth Report. You can contact her at sandra.sadek@fortworthreport.org or @ssadek19.

Emily Wolf is a government accountability reporter for the Fort Worth Report. You can contact her at emily.wolf@fortworthreport.org or @_wolfemily.

At the Fort Worth Report, news decisions are made independently of our board members and financial supporters. Read more about our editorial independence policy here.

This article first appeared on Fort Worth Report and is republished here under a Creative Commons license.

Emily Wolf is a local government accountability reporter for the Fort Worth Report. She grew up in Round Rock, Texas, and graduated from the University of Missouri-Columbia with a degree in investigative journalism. Reach her at emily.wolf@fortworthreport.org.