A "coordinated" ransomware attack hit 23 towns across Texas late last week, according to the state's Department of Information Resources.
Though the jurisdictions aren't named, the Texas DIR said “the majority of these entities were smaller local governments.” The DIR said evidence gathered thus far indicates the ransomware attacks originated from "one single threat actor."
Ransomware is a type of malicious software that locks a user's or organization's systems until a ransom is paid, sometimes encrypting data to prevent retrieval.
It's often delivered via email as a legitimate attachment, and may look like an invoice, a spreadsheet or a resume. If the file is opened by an unsuspecting employee, the ransomware can infect the employee's computer and will often spread throughout an enterprise's network, locking down all computers and servers and sending systems offline for an extended time period.
Soon after attacks began the morning of Aug. 16, Texas Governor Greg Abbott ordered a "Level 2 Escalated Response," meaning "the scope of the emergency as expanded beyond that which can be handled by local responders," according to the state's emergency-management planning guide.
The Texas A&M University System’s Security Operations Center, the Texas Military Department, the Department of Homeland Security, the FBI, and other Federal cyber-security partners are some of the organizations supporting the investigation.
In the past couple of years, municipal governments and local government agencies across the U.S. and Canada have become a top target for ransomware attackers. In July, the governor of Louisiana declared a state emergency when a similar attack affected several school districts. In May, hackers seized parts of Baltimore's computer systems. Atlanta faced similar troubles in March 2018.
In some cases, the specific names of the locales have been kept private as to not publicize certain municipalities as easy targets for future cyber criminals.
Local governments are juicy targets for ransomware attackers because unlike private companies, their computer systems and information-security practices are often years out of date.
Unlike private citizens, governments can afford to pay thousands of dollars in ransom, and sometimes have no choice but to pay if the attackers lock down files pertaining to ongoing court cases or financial records.