Texas Hit by Coordinated Ransomware Attack Targeting Local Governments
A coordinated ransomware attack has disrupted 23 local government organizations across Texas, with evidence pointing to a single threat actor behind the incident. The Texas Department of Information Resources confirmed that smaller municipal departments were primarily affected, though specific agencies and ransom demands remain undisclosed.
The attack, which began over the weekend, crippled email systems and online payment processing, forcing some departments to revert to manual operations. While officials have not confirmed whether a ransom was paid, cybersecurity experts warn that paying could mark an organization as a repeat target. Ransomware victims often find themselves added to dark web lists of entities willing to pay, increasing the likelihood of future attacks.
The incident reflects a growing trend of ransomware targeting U.S. state and local governments. Earlier this year, similar attacks paralyzed systems in New York, Maryland, and Florida, with some cities opting to pay ransoms such as Riviera Beach ($600,000) and Lake City ($500,000) while others, like Baltimore, refused, incurring significant recovery costs.
Texas authorities have enlisted cybersecurity experts, military personnel, and counter-terrorism units to restore systems, though the situation remained ongoing as of Monday. The attack underscores vulnerabilities in government infrastructure, particularly in agencies with decentralized systems and frequent communication with external contacts.
Source: https://www.bbc.com/news/technology-49393479
Baltimore TPRM report: https://www.rankiteo.com/company/baltimorecityit
Texas Department of Information Resources TPRM report: https://www.rankiteo.com/company/texas-department-of-information-resources
"id": "baltex1781268443",
"linkid": "baltimorecityit, texas-department-of-information-resources",
"type": "Ransomware",
"date": "8/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Public Sector',
'location': 'Texas, USA',
'name': '23 local government organizations in Texas',
'type': 'Government'}],
'description': 'A coordinated ransomware attack has disrupted 23 local '
'government organizations across Texas, with evidence pointing '
'to a single threat actor behind the incident. The attack '
'crippled email systems and online payment processing, forcing '
'some departments to revert to manual operations.',
'impact': {'operational_impact': 'Forced some departments to revert to manual '
'operations',
'systems_affected': ['Email systems', 'Online payment processing']},
'investigation_status': 'Ongoing',
'lessons_learned': 'The attack underscores vulnerabilities in government '
'infrastructure, particularly in agencies with '
'decentralized systems and frequent communication with '
'external contacts.',
'references': [{'source': 'Texas Department of Information Resources'}],
'response': {'recovery_measures': 'Systems restoration ongoing',
'third_party_assistance': 'Cybersecurity experts, military '
'personnel, and counter-terrorism '
'units'},
'threat_actor': 'Single threat actor',
'title': 'Coordinated Ransomware Attack Targeting Local Governments in Texas',
'type': 'Ransomware'}