On Friday, the Texas Department of Information Resources (DIR) confirmed that at least 23 organizations linked to local governments in Texas were victims of a coordinated ransomware attack.
Ransomware is a method of cyber-attack that uses malicious code to disable or hold captive a computer system until a ransom is paid.
Frequently used by cybercriminals, cybersecurity professionals say that the particular strain used to target the local Texas entities in this scenario – frequently referred to as Nemucod – is distinguishable by its injection of ‘.JSE’ at the end of encrypted files.
Texas state agencies including the Texas Division of Emergency Management and the Texas Department of Public Safety (DPS), are currently investigating the incident assisted by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) among other federal entities.
According to a statement from the DIR, the culprits have yet to be identified, but “the evidence gathered indicates the attacks came from a single threat actor.”
For reasons of security, the entities affected are not being named at this time, but the DIR says that all organizations “potentially impacted” have been “identified and notified” and that no State of Texas networks or systems has been affected.
Texas is not the first state to have local governments entities fall prey to cyber-attack.
Local governments in Louisiana, Florida, and Maryland among others have also been victimized in recent months.
In July, Louisiana Governor John Bel Edwards declared a state of emergency after Louisiana school districts were affected by ransomware attacks.
Similarly, the city of Baltimore was forced to manually process thousands of transactions and restore access to approximately 10,000 employee email accounts after hackers demanded $100,000 be paid in ransom.
In some instances, local governments can be more vulnerable to attack when compared to other organizations because of the large number of contractors employed and subsequently granted access to network systems.
Additionally, the complexity and breadth of government departments coupled with more limited resources can often leave government entities vulnerable to exploitation.
As the investigation continues, DIR says that federal and state agencies will continue “actively working with these entities to bring their systems back online.”
Sarah McConnell is a reporter for The Texan. Previously, she worked as a Cyber Security Consultant after serving as a Pathways Intern at the Department of Homeland Security – Citizenship and Immigration Services. She received her Bachelor’s degree in Political Science from Texas A&M as well as her Master of Public Service and Administration degree from the Bush School of Government and Public Service at Texas A&M. In her free time, Sarah is an avid runner, jazz enthusiast, and lover of all things culinary.