The Texas Department of Information Resources (DIR) has issued a statement confirming the state has experienced a major ransomware incident that has affected multiple agencies.
For security reasons, the names of the affected agencies have not been released, but DIR has confirmed that at least 23 government entities have been affected by “a coordinated ransomware attack.’ The systems and networks of the State of Texas were not affected.
The attack started on the morning of Friday, August 16, 2019 and appears to be the work of a single threat actor. Few details about the nature of the breach have been released, but it is understood that access was gained to all affected government networks before ransomware was simultaneously deployed.
The attack has been reported to the Department of Homeland Security and the Federal Bureau of Investigation, and several Texas government agencies are assisting with the investigation, including DIR and the Texas Division of Emergency Management.
Certain jurisdictions have been severely impacted and are being assisted by the Texas Military Department and Texas A&M University System’s Cyberresponse and Security Operations Center. Currently efforts are focused on eliminating the ransomware, restoring files, and getting each department’s systems back online.
Ransomware attacks on cities and government departments are far from uncommon. There have been several major attacks reported in 2019, some of which have resulted in ransom payments of hundreds of thousands of dollars being made.
Florida suffered two ransomware attacks in the space of a few days in June and ransom payments totaling more than $1,000,000 were made to obtain the keys to unlock encrypted files. Baltimore and the City of Atlanta also experienced ransomware attacks that have cost millions to resolve.
There have been many cases where there has been no alternative other than paying the ransom. To ensure that all option remain open, businesses must make sure that data can be recovered in the event of disaster. That means backing up all data at least daily and storing one copy of the backup off-site on a non-networked, non-internet connected device.