Early on August 16, a total of 23 local government organizations in Texas were hit by a coordinated ransomware attack. The type of ransomware has not been revealed, and Texas officials asserted that no state networks were compromised in the attack.
A spokesman for the Texas Department of Information Resources (TDIR) told Ars that authorities are not ready to reveal the names of the entities affected, nor other details of the attack. State and federal agencies are in the midst of a response, and TDIR did not have information on whether any of the affected governmental organizations had chosen to pay the ransom.
But the TDIR did reveal that the ransomware came from a single source. “At this time, the evidence gathered indicates the attacks came from one single threat actor,” a spokesperson said. “Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.”
Texas Department of Information Resources has more information:
On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments. Later that morning, the State Operations Center (SOC) was activated with a day and night shift. At this time, the evidence gathered indicates the attacks came from one single threat actor. Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time. It appears all entities that were actually or potentially impacted have been identified and notified. Twenty-three entities have been confirmed as impacted. Responders are actively working with these entities to bring their systems back online. The State of Texas systems and networks have not been impacted. The following agencies are supporting this incident:
- Texas Department of Information Resources
- Texas Division of Emergency Management
- Texas Military Department
- The Texas A&M University System’s Security Operations Center/Critical Incident Response Team
- Texas Department of Public Safety
- Computer Information Technology and Electronic Crime (CITEC) Unit
Cybersecurity- Intelligence and Counter Terrorism
- Texas Public Utility Commission
- Department of Homeland Security
- Federal Bureau of Investigation – Cyber
- Federal Emergency Management Agency
- Other Federal cybersecurity partners
And in convenient retweetable form:
We are leading the response to a ransomware attack on at least 20 Texas local government entities. For more information, including #ransomware facts and cybersecurity tips see our attached guides and visit our website at https://t.co/FmjRaiKKgI pic.twitter.com/1Dq88cv6XW
— Tx Dept of IR (@TexasDIR) August 17, 2019
Consider this yet another reminder to use strong passwords you can remember, to backup all your files (especially all your important files) regularly, update your virus definitions and security patches regularly (between starting and publishing this piece, I updated both Firefox and macOS), and to never open an email attachment or click on a link unless you’re absolutely sure you know who it’s from.
Tags: Crime, cyberwarfare, data security, Internet, Texas