According to the Texas Department of Information Resources (DIR), the attack appears to have been carried out by a “single threat actor” and mostly targeted local agencies in Texas. According to threat intelligence analyst Allan Liska, who spoke to NPR, the attack is “the largest coordinated attack” ever seen in the US.
— Tx Dept of IR (@TexasDIR) August 17, 2019
“Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions,” Texas DIR said in a recent statement on its website. However, the agency did not reveal which specific towns and departments were impacted.
“At this time, we’re not yet naming impacted entities so as to not make them a target for other potential bad actors,” a Texas DIR spokesperson said in an email to Gizmodo. According to multiple reports, the state’s Division of Emergency Management, the Public Utility Commission, the military department, the FBI’s cyber unit and the Federal Emergency Management Agency are investigating the attack.
Borger and Keene, two cities in the Lone Star State, have revealed that their computer systems were hacked as well.
Officials in Borger revealed that the ransomware has affected its city business and financial operations. The city doesn’t have access to online birth and death certificates, and its residents are unable to make utility payments.
As for the city of Keene, it, too, is unable to process utility payments. Keene Mayor Gary Heinrich told NPR that the attackers hacked the information technology software used by the city and have demanded a ransom of $2.5 million.
Elliott Sprehe, a spokesperson for Texas DIR, told NPR that he is “not aware” of any cities having paid the ransom demanded by the hackers. The ransom amounts have not been officially disclosed by the Texas DIR.
According to statistics by cybersecurity company Malwarebytes, ransomware attacks on consumers have declined in the past year, while attacks on government agencies and businesses have become more common. Ransomware attacks on consumer systems decreased by 12% between June 2018 and June 2019, but attacks on government agencies increased by 353% in that timeframe.
