Early on August 16, a total of 23 local government organizations in Texas were hit by a coordinated ransomware attack. The type of ransomware has not been revealed, and Texas officials asserted that no state networks were compromised in the attack.
A spokesman for the Texas Department of Information Resources, or TDIR, told Ars that authorities are not ready to reveal the names of the entities affected, nor other details of the attack. State and federal agencies are in the midst of a response, and TDIR did not have information on whether any of the affected governmental organizations had chosen to pay the ransom.
But the TDIR did reveal that the ransomware came from a single source. “At this time, the evidence gathered indicates the attacks came from one single threat actor,” a spokesperson said. “Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.”
Response teams from TDIR, the Texas Division of Emergency Management, Texas Military Department, Department of Public Safety, and the Texas A&M University System’s Security Operations Center/Critical Incident Response Team SOC/CIRT are currently involved in the effort to bring systems back online, as are federal officials from the Department of Homeland Security, the FBI, FEMA, and other agencies.
This has been a particularly brutal year for ransomware thus far. While opportunistic attacks against consumers appear to be down from last year based on data from Malwarebytes, attacks against businesses and governments are up by 365 percent. IBM X-Force incident reporters have noted a more modest 116 percent increase in customer ransomware incidents. In July, the US Conference of Mayors reported that there have been 22 ransomware attacks on the city, county, and state governments in the first six months of 2019.