The Texas Department of Information Resources said Friday afternoon it is responding to a widespread ransomware attack that has affected nearly two dozen local government organizations across the state.
Elliot Sprehe, a DIR spokesman, said the agency has confirmed that 23 government entities were impacted by the incident, though it has not identified the communities where the victims are located or the specific IT systems impacted. The type of malware used and ransoms demanded have not been identified, though DIR described the situation as a “coordinated” operation that current evidence links to a single actor.
Sprehe also said the ransomware attack currently appears limited to local governments, and that state IT operations have not been hit.
DIR is leading the response to the reported cyberattack, according to a press release. The Texas Division of Emergency Management is also coordinating support from other agencies through the Texas State Operations Center in Austin. The Texas National Guard and cybersecurity professionals from Texas A&M University have been also dispatched to deal with the ransomware incident. The state’s Commission on Environmental Quality and Public Utility Commission are involved with the response effort as well.
Several federal agencies, including the FBI and Department of Homeland Security, are also assisting the response.
Nan Tolson, a deputy press secretary for Gov. Greg Abbott, told StateScoop the governor is also deploying cybersecurity experts to targeted areas in order to assess the extent of the ransomware’s damage and help those local governments restore their operations.
Ransomware, especially against state and local governments, is one of the fastest-growing types of cyberattacks, with more than 200 publicly disclosed incidents since 2013. Attacks frequently use phishing links designed to trick recipients into opening an attachment containing malware that proceeds to infect a system and encrypt its files. Several types of ransomware are also known to take advantage of vulnerabilities in older versions of Microsoft Windows that have not been updated or are no longer supported by the manufacturer.
State and local governments got were reminded last month to take “immediate action” in beefing up their defenses against cyberattacks, specifically ransomware, in the form of a joint memorandum from DHS, the National Association of State Chief Information Officers, the National Governors Association and the Multi-State Information Sharing and Analysis Center.
“The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries,” the memo read.