A coordinated ransomware attack was found to have affected 23 local Texas government organizations, according to the Texas Department of Information Resources (TDIR).
In a statement on Friday, August 16, TDIR said it was “leading the response to a coordinated ransomware attack that has impacted at least twenty local government entities across Texas.” Though officials have not released details about the specific entities affected, an updated statement Saturday evening confirmed that “State of Texas systems and networks have not been impacted,” as “the majority of these entities were smaller local governments.”
Since the discovery of the attack on Friday morning, the State Operations Center (SOC) was activated with a day and night shift, according to TDIR.
Ransomware refers to malicious software that hackers use to infect computers in order to restrict users’ access with the intent to collect a ransom payment before access is granted again. This is especially troublesome for cities, who have to decide whether to pay extortionists or potentially lose millions of dollars and the wrath of city residents.
Officials have not confirmed the ransomware strain, but ZDNet says it learned from a local source that “the ransomware that infected the networks…encrypts files and then adds the .JSE extension at the end.” ZDNet also said that “some antivirus vendors detect it as Nemucod, under the name of the trojan that drops it on infected hosts.”
A ransomware attack in Baltimore earlier this year wreaked havoc on the city, as “it took down voicemail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations,” according to the New York Times, and a July attack on Louisiana school districts prompted the state’s governor to declare a state of emergency.
It’s not clear whether the state plans to pay the ransomware. TDIR has only said that, “Responders are actively working with these entities to bring their systems back online.”