The slew of ransomware attacks on U.S. cities that we have documented exhaustively (here , here and here) looks as though it is continuing. This time, 23 towns in Texas were hit by a "coordinated" ransomware attack late last week, according to CNBC.
The state's Department of Information Resources says that the attack started last Friday morning and targeted "smaller local governments" within the state.
Greg Abbott, the governor of Texas, ordered a "Level 2 Escalated Response" following the incident. This is part of a four step response protocol and is one step below the highest level of alert, which is labeled "Emergency".
The state's emergency management planning guide says that level two means “the scope of the emergency has expanded beyond that which can be handled by local responders. Normal state and local government operations may be impaired.”
Governor’s Office deputy press secretary Nan Tolson said: “Governor Abbott is also deploying cybersecurity experts to affected areas in order to assess damage and help bring local government entities back online.”
These attacks follow a slew of ransomware attacks that have occurred in places like Maryland and Florida, among other states. In each case, significant sums of money were lost either from ransom demands or from the damage caused by the attack. The Texas Department of information resources said:
“The State of Texas systems and networks have not been impacted. It appears all entities that were actually or potentially impacted have been identified and notified,” the DIR said. While the state has determined that one “threat actor” was responsible for all 23 attacks, they have not yet determined who was responsible.
“Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.”
The state is being assisted by federal and state agencies that include FEMA and the Department of Homeland Security. They are also being helped by Texas A&M’s Information Technology and Electronic Crime unit and the Texas Military Department, which is part of the National Guard.
The locations of the attacks are being kept private while the problems are being fixed, according to Edward Block, who served as the Texas state Chief Information Security Officer until October 2016.
Block said: "I would suspect that there are systems that are still being recovered. [Going public] kind of paints a target on the back of those agencies."