Twenty-three Texas towns have been struck by a “coordinated” ransomware attack, according to the state’s Department of Information Resources.
Ransomware is a type of malicious software, often delivered via email, that locks up an organization’s systems until a ransom is paid or files are recovered by other means. In many cases, ransomware significantly damages computer hardware and linked machinery and leads to days or weeks with systems offline, which is why it can be so costly to cities.
According to a weekend update by the Texas DIR, the attacks started Friday morning and though the locations aren’t named, “the majority of these entities were smaller local governments.”
Texas Governor Greg Abbott ordered a “Level 2 Escalated Response” on Friday following the incident, according to a statement from Governor’s Office deputy press secretary Nan Tolson. This response level, determined by the state’s Department of Emergency Management, is part of a four-step response protocol, and is one step below the highest level of alert, level 1 or “emergency.”
According to state emergency management planning guide, this means “the scope of the emergency has expanded beyond that which can be handled by local responders. Normal state and local government operations may be impaired.”
In addition to the state and local agencies assisting with the response, “Governor Abbott is also deploying cybersecurity experts to affected areas in order to assess damage and help bring local government entities back online,” Tolson said.
This NPR story has more details.
The Federal Bureau of Investigation and state cybersecurity experts are examining the ongoing breach, which began Friday morning and has affected mostly smaller local governments. Officials have not disclosed which specific places are affected.
Investigators have also not yet identified who or what is behind the attack that took the systems offline, but the Texas Department of Information Resources says the evidence so far points to “one single threat actor.”
Elliott Sprehe, a spokesman for the department, said he was “not aware” of any of the cities having paid the undisclosed ransom sought by hackers. He said the areas impacted are predominantly rural. The department initially put the number of cities attacked at 23.
Two cities so far have come forward to say their computer systems were affected. Officials in Borger in the Texas Panhandle, said the attack has affected city business and financial operations. Birth and death certificates are not available online, and the city can’t accept utility payments from any of its 13,25o residents. “Responders have not yet established a time-frame for when full, normal operations will be restored,” city officials said.
Experts say that while government agencies have increasingly been hit by cyberattacks, simultaneously targeting nearly two dozen cities represents a new kind of cyberassault.
“What’s unique about this attack and something we hadn’t seen before is how coordinated attack this attack is,” said threat intelligence analyst Allan Liska. “It does present a new front in the ransomware attack,” he said. “It absolutely is the largest coordinated attack we’ve seen.”
Liska’s research firm, Recorded Future, has found that ransomware attacks aimed at state and local government have been on the rise, finding at least 169 examples of hackers breaking into government computer systems since 2013. There have been more than 60 already this year, he said.
The city of Keene, near Fort Worth, was also hit, and their Mayor said the attack came via their IT provider, as these small towns outsource that task since they don’t have sufficient resources to do it themselves. This is a real problem that’s going to keep happening, and we really should put more money and effort into fighting against it at a state and national level. Good luck to all involved in cleaning up the mess. A more recent statement from the Texas DIR is here, and the Star-Telegram, the Chron, and the Trib have more.