22 Texas Towns Hit by Coordinated Ransomware Attack in Unprecedented Cyberassault
Texas officials confirmed this week that 22 small municipalities across the state fell victim to a coordinated ransomware attack, marking one of the largest simultaneous cyberassaults on local governments to date. The breach, which began Friday morning, disrupted city operations, including financial systems, utility payments, and access to vital records like birth and death certificates.
Investigators, including the FBI and state cybersecurity experts, have traced the attack to a single threat actor, though the perpetrators remain unidentified. The hackers infiltrated an outsourced IT provider used by multiple cities, demanding a collective ransom of $2.5 million. Officials in Borger and Keene, two of the affected towns, reported severe disruptions, with Keene’s mayor stating that nearly all city hall functions were impacted. No ransom payments have been made, according to state authorities.
Cybersecurity experts described the attack as a "new front" in ransomware campaigns, citing its scale and coordination. Allan Liska of Recorded Future noted that while government-targeted ransomware has surged, with over 60 incidents in 2019 alone, this marks the largest known synchronized strike. Many attacks originate from Eastern Europe or Russia, often exploiting phishing emails or vulnerable remote desktop systems.
The incident underscores the growing vulnerability of smaller, resource-strapped governments, which often rely on third-party IT providers. While some cities, like Lake City, Florida, have paid ransoms to restore services, federal officials discourage the practice, warning it fuels further attacks. The full extent of the Texas breach remains unclear, with authorities yet to disclose the number of compromised systems or the potential data exposure.
City of Borger cybersecurity rating report: https://www.rankiteo.com/company/city-of-borger
City of Keene, Texas cybersecurity rating report: https://www.rankiteo.com/company/city-of-keene
{
  "id": "CITCIT1770324590",
  "linkid": "city-of-borger, city-of-keene",
  "type": "Ransomware",
  "date": "8/2019",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Government',
                        'location': 'Texas, USA',
                        'name': 'Borger',
                        'size': 'Small',
                        'type': 'Municipality'},
                       {'industry': 'Government',
                        'location': 'Texas, USA',
                        'name': 'Keene',
                        'size': 'Small',
                        'type': 'Municipality'},
                       {'industry': 'Government',
                        'location': 'Texas, USA',
                        'name': '20 other Texas towns',
                        'size': 'Small',
                        'type': 'Municipality'}],
 'attack_vector': 'Third-party IT provider compromise',
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII, financial data)',
                 'type_of_data_compromised': 'Vital records (birth and death '
                                             'certificates), financial data, '
                                             'utility payment information'},
 'date_detected': '2019-08-16',
 'description': '22 small municipalities across Texas fell victim to a '
                'coordinated ransomware attack, disrupting city operations '
                'including financial systems, utility payments, and access to '
                'vital records like birth and death certificates. The attack '
                'was traced to a single threat actor who infiltrated an '
                'outsourced IT provider used by multiple cities, demanding a '
                'collective ransom of $2.5 million.',
 'impact': {'data_compromised': 'Vital records (birth and death certificates), '
                                'financial systems, utility payment systems',
            'identity_theft_risk': 'Potential risk due to exposure of vital '
                                   'records',
            'operational_impact': 'Severe disruptions to city hall functions '
                                  'in affected towns',
            'payment_information_risk': 'Potential risk due to utility payment '
                                        'system compromise',
            'systems_affected': 'City operations, financial systems, utility '
                                'payments, vital records access'},
 'initial_access_broker': {'entry_point': 'Outsourced IT provider'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Growing vulnerability of smaller, resource-strapped '
                    'governments relying on third-party IT providers; need for '
                    'improved cybersecurity measures and incident response '
                    'planning.',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': 'Compromise of third-party IT '
                                           'provider; likely exploitation of '
                                           'phishing emails or vulnerable '
                                           'remote desktop systems'},
 'ransomware': {'data_encryption': 'Yes',
                'ransom_demanded': '$2.5 million (collective)',
                'ransom_paid': 'No'},
 'recommendations': 'Avoid paying ransoms to discourage further attacks; '
                    'enhance monitoring of third-party IT providers; implement '
                    'network segmentation and adaptive security measures; '
                    'conduct regular cybersecurity training for government '
                    'employees.',
 'references': [{'source': 'Texas officials'},
                {'source': 'Allan Liska, Recorded Future'}],
 'response': {'law_enforcement_notified': 'Yes',
              'third_party_assistance': 'FBI, state cybersecurity experts'},
 'threat_actor': 'Unidentified (likely Eastern Europe or Russia)',
 'title': '22 Texas Towns Hit by Coordinated Ransomware Attack',
 'type': 'Ransomware'}