
Ransomware group demands $700,000 from Tarrant Appraisal District

Sandra Sadek / Fort Worth Report
Vince Puente, chairman of the Tarrant Appraisal District, led the meeting with a prayer denouncing the ransomware attack as "evil."

Evil walks this world, and it entered the Tarrant Appraisal District building last week when hackers infiltrated the district’s network, board chairman Vince Puente told those gathered at an emergency meeting March 24.

An unknown ransomware group is demanding $700,000 from the appraisal district, after a network disruption last week took the district’s systems offline. Lindsay B. Nickle, legal counsel for the district, said they believe hacking group Medusa may be responsible for the attack.

“If they steal from (the appraisal district), they’re stealing from our taxpayers,” Puente said.

Nickle said the group claims to have sensitive information, but the district doesn’t know whether taxpayer information has actually been compromised and an investigation is ongoing. She confirmed that the district has made contact with the group responsible, and said no decisions have been made on whether to pay the ransom.

“Nobody wants to pay a ransom,” she said. “And so the investigation is ongoing, and we’re looking into all of our options to recover (information).”

The appraisal district does not know where the attack originated. An outside group has been hired to investigate the incident further, Nickle said, but declined to name them. This is the second confirmed cyberattack against the agency in recent years, the first dating back to October 2022.

Medusa has been behind a rising number of data leaks in 2023, targeting industries like education, manufacturing, health care and retail.

Medusa hacked as many as 74 organizations, mostly in Europe, in 2023.

Lindsey Nickle, legal counsel for the Tarrant Appraisal District, gives media and community members an update on the ransomware attack.
Sandra Sadek / Fort Worth Report

In response to the ransomware attack, appraisal board members voted unanimously to purchase Office 365 and SentinelOne software for improved security, technology testing and auditing. In addition, they approved an agreement with Improving Enterprises for network support, security and system reviews.

In all, the measures could cost up to $235,000. Board members transferred money from the committed technology fund to the general fund for the software and additional security oversight. Chief Appraiser Joe Don Bobbitt said while there are additional technology needs, those approved by the board are, “what we deemed as immediate needs to move us in the right direction.”

“These three items will greatly accelerate staff’s ability to facilitate the recovery from what’s happened in a more secure and robust way,” TAD board member and Fort Worth City Council member Alan Blaylock said.

Community members who spoke at the emergency meeting expressed a mixture of disappointment in what led up to the hack and hope in the future of the organization.

“I believe we have quality leadership in place … but we’re still dealing with the sins of the past,” tax consultant Chandler Crouch said.

The crash came a week after the appraisal district rolled out its new website, assembled to replace a previous website that angered residents with multiple problems, including glitches and slow pages during the property appraisal protest period. The old site crashed last week because of a database failure, prompting district officials to launch the new site last week, earlier than anticipated.

Jerald Miller, a Fort Worth resident, said he’d tried to warn board members about security before, but had his concerns brushed aside. He called for Puente to resign as chair.

“I’m appalled and disgusted at the continuing, ongoing escapades of this organization,” he said.

Ransomware attacks on the rise

Ransomware attacks have become more prominent over the years, said Jingguo Wang, a professor of information systems and operations management at the University of Texas at Arlington. Data from the FBI showed more than 2,800 complaints about ransomware were reported last year, including 156 from government facilities.

Similar attacks can be found in school districts, municipalities and small hospitals, he said. Locally, these attacks have been on the rise. Hackers accessed information from the city of Dallas in April 2023, including addresses and Social Security numbers. Dallas County was also hit by a cyberattack by ransomware group Play in October, and stolen information was then posted on the dark web.

The websites for agencies like an appraisal district may be lacking in security management or be behind on best practices, making them easy targets. That can give hackers easy access to valuable information, Wang said.

“(Appraisal districts) have Social Security numbers and addresses,” Wang said. “Those are sensitive personal information.”

The findings of a report published after the October 2022 cyberattack were limited because evidence from the attack had been deleted in the time between when the hack occurred and when the investigation started. Although the report failed to determine whether valuable information was stolen by hackers, Wang said it may have offered potential hackers a window on TAD’s information system.

“The report by itself increased the transparency of their security management but it might also come with a downside in the sense that the hackers or bad guys out there, they can study the report, they can understand their weaknesses and their strengths and maybe get around whatever is in place and get into the system,” Wang said.

It’s likely the hackers infiltrated TAD’s system months ago and that the recent network disruption is the result of those long efforts, Wang said.

“Those softwares are going to look around those data files, look around at the application system, encrypt the system at a certain point, then they jump out at you saying ‘Hey, pay me the money, otherwise, you cannot use the system or access that data,’” he said.

Hack tests new appraisal district officials

The hack marks the first notable challenge for the appraisal district since a leadership overhaul last year.

Longtime chief appraiser Jeff Law resigned in September after multiple taxing entities took votes of no confidence in him. The appraisal district faced criticism for its lack of transparency, accusations of targeting, and comments made by its IT executive about creating a “false narrative” on website issues during Law’s tenure.

Joe Don Bobbitt took over as chief appraiser in February and has already earned praise from board members. He worked on launching the new website in response to resident concerns about the previous site. Site functionality is essential during the protest period, as residents can use it to view and protest their appraisal values online.

Joe Don Bobbitt, Tarrant chief appraiser, listens to taxpayer concerns about the recent March 23 ransomware attack that shut down the agency website. (Sandra Sadek | Fort Worth Report)

Immediately after the hack, board members told the Fort Worth Report they had faith in Bobbitt’s leadership, and described the website problems as holdovers from Law’s time leading the appraisal district.

They reiterated their confidence at the March 25 meeting.

Puente said despite being on the job for only two months, Bobbitt has acted like a pro throughout the situation, and understands the complexity of the issue as the district searches for answers.

“In a terrible situation, we have the best team possible I could ever imagine,” Puente said.

This article first appeared on Fort Worth Report and is republished here under a Creative Commons license.

Emily Wolf is a local government accountability reporter for the Fort Worth Report. She grew up in Round Rock, Texas, and graduated from the University of Missouri-Columbia with a degree in investigative journalism. Reach her at emily.wolf@fortworthreport.org.