The Commonwealth of Texas has earned the dubious honor of being the latest state or local government hit by a successful ransomware attack. The Texas Department of Information Resources (DIR) confirmed on Aug. 16 that at least 23 local government entities were hit by a “coordinated” ransomware attack. DIR said it will lead the cybersecurity response to the attack.
In an Aug. 17 statement, DIR said that the attack occurred on the morning of Aug. 16 and that the majority of the victimized entities were “smaller local governments.” In response to the attack, the State Operations Center was activated the same day with a day and night shift.
The DIR believes, based on the evidence currently gathered, that the attack came from one single threat actor. However, it did say that “investigations into the origin of this attack are ongoing,” but that “response and recovery are the priority at this time.” DIR noted that state resources are being deployed to the “the most critically impacted jurisdictions. Further resources will be deployed as they are requested.”
While local government entities were impacted, statewide systems and networks were not. However, numerous state and Federal agencies are actively involved in incident response, including: the Texas DIR, Texas Division of Emergency Management, Texas Military Department, The Texas A&M University System’s Security Operations Center/Critical Incident Response Team, Texas Department of Public Safety, Texas Public Utility Commission, Department of Homeland Security, Federal Bureau of Investigation – Cyber, and Federal Emergency Management Agency.
Texas is far from alone in being the target of ransomware attacks in recent months. The Lone Star State joins Louisiana, New York, Florida, and Georgia on the list of state and local governments who have recently been attacked.