Twenty-three Texas towns hit by ‘coordinated’ ransomware attack that crashed local government ops

The wave of ransomeware attacks targeting 23 local government entities that hit Texas on Friday is believed to have cost the state at least $12 million, so far.  

On Friday, the Texas Department of Information Resources (DIR) said that it was leading the response to a ‘coordinated ransomware attack’ that was crippling critical government infrastructure across the state.

Ransomware disables computer networks and holds them hostage in demand for payment.

‘DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions,’ the department said in a statement at the time.

According to a weekend update, the attacks started on Friday morning although the locations haven’t been named.

However, it is understood the ‘majority of these entities were smaller local governments,’ it said in a statement.

‘The State of Texas systems and networks have not been impacted. It appears all entities that were actually or potentially impacted have been identified and notified,’ the DIR said. 

Texas Governor Greg Abbott deployed cybersecurity experts to the affected areas in order to assess damage and help bring local government entities back online

‘While the state has determined that one “threat actor” was responsible for all 23 attacks, they have not yet determined who was responsible. Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time,’ the department said. 

‘I would suspect that there are systems that are still being recovered,’ said Edward Block to CNBC. 

Block served as the Texas state Chief Information Security Officer until October 2016.

‘Going public kind of paints a target on the back of those agencies,’ he said, including from other criminals who may look to capitalize on the attacks and launch more. 

The department has urged local jurisdictions who have been impacted to contact their local TDEM Disaster District Coordinator. 

‘DIR is fully committed to respond swiftly to this event and provide the necessary resources to bring these entities back online,’ the agency said. 

 The majority of those targeted were smaller local governments. The Texas State Department of Information Resources is leading the response to the attacks

It is unclear which cities had been impacted by the attacks and what entity is suspected of perpetrating them. 

Texas Governor Greg Abbott ordered a ‘Level 2 Escalated Response’ on Friday following the incident,

The response  is one step below the highest level of alert, level 1 or ’emergency’ and means the scope of the emergency has expanded beyond that which can be handled by local responders.  

In addition to the state and local agencies assisting with the response, ‘Governor Abbott also deployed cybersecurity experts to the affected areas in order to assess damage and help bring local government entities back online,’ Nan Tolson from the Governor’s Office said.

A number of federal and state agencies are now assisting the state of Texas including FEMA, the Department of Homeland Security, Texas A&M’s Information Technology and Electronic Crime Unit and the Texas Military Department.

Friday’s attack came within hours of a massive failure of U.S. Customs and Border Protection computers that caused huge travel delays across the country – although the federal agency has insisted that particular outage was not ‘malicious’ in nature.