Texas governments hit by multiple ransomware attacks

Local governments in numerous Texas towns have been hit by coordinated ransomware attacks over the past few days. According to an official news release from the state’s Department of Information Resources, the attacks were first noticed on Aug. 19, which immediately caused the State Operations Center to mobilize in response. The State Operations Center, as defined on its website, exists in a capacity that “operates 24/7 to monitor threats, make notification of threats and provide information on emergency incidents to local, state, and federal officials, and coordinate state emergency assistance to local governments that have experienced an emergency situation that local response resources are inadequate to deal with.”

That last part of the State Operations Center’s mission is key to understanding this ransomware incident. The reason for this is that the ransomware attacks targeted over 20 local state governments. (These remain unnamed in the news release.) The investigation indicates that there is one threat actor behind all the attacks. It is not known who this attacker is, or at least the Texas investigators are not saying, so at this point, it is merely up to conjecture. Additionally, investigators have yet to determine the point of attack, but they state that “response and recovery are the priority at this time.” This implies that the attacks are not yet under control, which is understandable considering the scope of the ransomware infection. It should also be noted that the ransomware strain is also unknown at this time.

This Texas ransomware attack is yet another major incident in a relatively short span involving local governments and ransomware. One has to wonder what exactly is driving this sudden uptick in ransomware attacks targeting the 50 states. Are the threat actors foreign agents? Are they domestic terrorists? Or, perhaps, are they cybercriminals who are looking to wreak havoc and get a payday? Regardless, it is highly likely that this Texas incident will not be the last major attack like this in 2019.

Featured image: Flickr/ Ray Bodden

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

IFA 2019: All the top smartphone announcements and unveilings

IFA 2019, this year’s version of the annual consumer electronics trade show, did not disappoint. Is one of these smartphones…

23 mins ago

Outlook connectivity: Troubleshooting and solving common issues

IT professionals all dread getting this fevered message from employees and clients: “I’m having Outlook connectivity issues!” Here’s what you…

5 hours ago

Using tags with Azure runbook automation to control your costs

Here’s a script designed to start and stop virtual machines based on tags associated at the resource group level. It…

8 hours ago

Software-defined perimeter solutions: Why this is the future of security

Traditional VPNs are showing their age in the modern cloud-powered workplace. That’s why software-defined perimeter solutions are in your future.

3 days ago

Why you need to check your virtualization host’s NUMA configuration

Should you disallow NUMA spanning in your Hyper-V architecture? There are two sides to this story, and you’ll get both…

3 days ago

Getting started with Visual Studio Code and integrating with Azure DevOps

Coding may not be the No. 1 job duty for cloud admins, but it is often a part of the…

3 days ago