23 local Texas government organizations have been hit by ransomware in what is believed to be a coordinated attack. According to the Texas Department of Information (DIR), the attack mostly affected smaller local government departments.
23 government entities attacked by ransomware
The Texas Department of Information says the attacks started Friday morning but does not specify which departments were hit, only that they are smaller local government ones. According to reports, the attacks were carried out by a single threat actor. Little else has been revealed, including the origin of the attack, which strain of file-encrypting malware is responsible, or the amount of money demanded as ransom. While the DIR has not named the strain of ransomware responsible for the attacks, some media outlets have reported it to be the Sodinokibi ransomware.
23 victims have been confirmed, and all have been notified. While an investigation into the attacks is ongoing, DIR has said the main priority is to assist affected departments in recovery. It is unclear whether the departments in question had backups and can recover their files.
“Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time,” the DIR said in the statement linked above.
The City of Borger was revealed to have been one of the affected entities. According to the statement, normal business and financial operations and services have been affected, birth and death certificates are offline, and utility or other payments cannot be accepted.
“This attack has impacted normal City business and financial operations and services, however, the City has implemented its continuity of operation plans and the City continues to provide basic and emergency services (Police, Fire, 9-1-1, Animal Control, Water, Wastewater and Solid Waste Collection). The City continues to actively work with responders to bring our computer systems back online and regain full operations. Responders have not yet established a time-frame for when full, normal operations will be restored,” the statement on Facebook reads.
The Department of Homeland Security, Federal Bureau of Investigation, and Federal Emergency Management Agency are involved in the investigation. Cybersecurity experts, military and counter-terrorism units have been called to help bring the systems back online. Systems and networks of the State of Texas have not been affected by the attack.
More details about the attack will be revealed once the investigation is complete.
US cities are a common target of ransomware
Ransomware is a very profitable business, and because many companies and organizations do not review their security practices and do not test their backups, they end up becoming victims. US government organizations in particular have become frequent targets, mostly because they are prone to paying the ransom in order to restore regular functions as quickly as possible.
New York, Maryland and Florida are among the states that have been affected by ransomware at some point. Riviera Beach, Florida paid $600,000 in Bitcoin to restore normal operations after being hit by ransomware, and Lake City, Florida paid $500,000 in a similar attack. When Baltimore was hit with ransomware, the city refused to pay the requested $100,000, but ended up suffering losses of around $18 million. Cities that pay the ransom become more vulnerable to future ransomware attacks, as the general consensus is that someone who paid once is likely to pay again. In addition, these payments make targeting government entities very profitable.