Last updated on August 22, 2019
AUSTIN – The Department of Information Resources (DIR) is leading the response to a coordinated ransomware attack that has impacted at least twenty local government entities across Texas.
The Texas Division of Emergency Management is assisting by coordinating state agency support through the Texas State Operations Center.
“Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions,” the press release stated.
Further resources will be deployed as they are requested. Local jurisdictions who have been impacted should contact their local TDEM Disaster District Coordinator. DIR is fully committed to respond swiftly to this event and provide the necessary resources to bring these entities back online.
In an update posted on Saturday, August 17, the Department of Information Resources released an update to the attack.
“On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments. Later that morning, the State Operations Center (SOC) was activated with a day and night shift,” the press release stated.
The update went on to state that the evidence gathered indicates the attacks came from one single threat actor and investigations into the origin of the attack are ongoing.
Twenty-three entities have been confirmed as impacted, although none of those entities were named specifically.
At the time of the release, responders were actively working with these entities to bring their systems back online.
The State of Texas systems and networks were not impacted.
The following agencies are supporting this incident:
Texas Department of Information Resources, Texas Division of Emergency Management, Texas Military Department, The Texas A&M University System’s Security Operations Center/Critical Incident Response Team, Texas Department of Public Safety, Computer Information Technology and Electronic Crime (CITEC) Unit, Cybersecurity, Intelligence and Counter Terrorism, Texas Public Utility Commission, Department of Homeland Security, Federal Bureau of Investigation – Cyber, Federal Emergency Management Agency and other Federal cybersecurity partners all had a hand in handling this attack.
The following are tips for the best Cybersecurity Practices from the DIR:
- It is everyone’s responsibility to remain cyber aware and practice information safety.
- Do not open suspicious or unexpected links or attachments in emails.
- Hover over hyperlinks in emails to verify they are going to the anticipated site.
- Be aware of malicious actors attempting to impersonate legitimate staff, and check the email sender name against the sender’s email address.
- Use unique strong passwords or pass-phrases for all accounts.
- Do not provide personal or organizational information unless you are certain of the requestor’s authority, identity, and legitimacy.
- Alert your IT staff or supervisor if you have any concerns about the legitimacy of any email, attachment, or link.
- Take advantage of available cybersecurity awareness training.
For more information, including ransomware facts and cybersecurity tips please see the attached guides below:
- Federal Ransomware Tip Sheet
- Texas-Estimated Ransomware Costs
- Ransomware Tips and Facts
- DHS Government Tip Card
- Online Safety