'Coordinated' Texas Ransomware Attack Whacks 22 Local Governments

All 22 attacks appear to have come from one single threat actor, with the majority targeting ‘smaller local governments,’ according to the state’s Department of Information Resources.

A “coordinated” ransomware attack launched Friday morning has impacted 22 towns across Texas, according to the state's Department of Information Resources (DIR).

All 22 attacks appear to have come from one single threat actor, with the majority targeting "smaller local governments," the DIR said late Saturday. All entities that were actually or potentially impacted by the ransomware have been identified and notified, according to the DIR.

Responders are actively working with affected towns to bring their systems back online, according to the DIR. Although investigations into the origin of the ransomware attack are ongoing, the DIR said response and recovery are the priority at this time.

Sponsored post

[Related: 10 Lessons Learned From The Biggest Ransomware Attacks]

Later Friday morning, the Texas State Operations Center (SOC) was activated with both a day and night shift, the DIR said. Neither the systems nor the networks of the state of Texas itself were impacted by the ransomware, the DIR said.

Resources were deployed Friday to the most critically impacted jurisdictions, and the DIR said it was committed to providing the resources needed to bring the affected towns back online. The DIR did not disclose which towns were hit by the ransomware or if any of the municipalities have paid the ransom.

The DIR is being assisted by numerous federal and state agencies in the investigation, including the Federal Emergency Management Agency (FEMA), the Department of Homeland Security, the FBI's cyber division, and the Texas Department of Public Safety's Computer Information Technology and Electronic Crimes (CITEC) unit.

All told, Texas is estimating the ransomware will cost county governments $3.25 million, city governments $2.34 million, and educational institutions $1.8 million, according to the DIR. An additional $5 million of ransomware expenses are expected to be unreported, the DIR said.

The public sector is often forced to fight ransomware with weapons that are obsolete from the moment they obtain them, according to Pierluigi Stella, CTO at Houston-based cybersecurity solution provider Network Box USA. But budget cycles often mean that money for cybersecurity software is often allocated two years in advance, Stella said, making it hard to respond to the latest threats.

"In a world wherein hackers come up with something new every single day, and we deploy new protections literally every minute, [cities have] to wait two years to get something they truly need now," Stella said in a statement.

Cyberattacks against municipal governments have exploded since the National Security Agency lost control of the Eternal Blue malware in 2017, The New York Times reported in May, indicating that attacks in the past two years against Baltimore, Allentown, Pa., and San Antonio have all used the exploit. Baltimore said in June that it had spent more than $18 million recovering from the ransomware attack.

Also in June, city leaders in Riviera Beach, Fla. and Lake City, Fla., agreed to pay hackers $600,000 and $460,000, respectively, of ransom in hopes of having their systems restored. Insurance picked up virtually the entire ransom payment in both municipalities.