The widespread cyberattack came at the end of last week, plunging the state into response and recovery mode. At least 23 cities and towns are working with state and federal authorities to mitigate the damage.
At least 23 local government entities in Texas were hit by ransomware last week, in what officials are describing as a "coordinated attack."
The attacks, the majority of which are believed to have struck "smaller, local governments," were reported Friday morning, according to the state's Department of Information Resources (DIR), which is leading the response to the incident.
"At this time, the evidence gathered indicates the attacks came from one single threat actor," DIR said, in a press release.
Texas Gov. Greg Abbott ordered a "Level 2 Escalated Response" on Friday — the second highest level of the state's four-step emergency response protocol, which implies that the scope of the incident has "expanded beyond that which can be handled by local responders."
We are leading the response to a ransomware attack on at least 20 Texas local government entities. For more information, including #ransomware facts and cybersecurity tips see our attached guides and visit our website at https://t.co/FmjRaiKKgI pic.twitter.com/1Dq88cv6XW— Tx Dept of IR (@TexasDIR) August 17, 2019
It is believed that all entities affected by the attack have now been identified and notified, though those communities are not being publicly identified at this time due to "security concerns," said Elliott Sprehe, press secretary for the IT agency. No state systems were affected by the attacks.
Federal authorities such as the FBI, FEMA and the Department of Homeland Security are assisting with investigation into the attacks, though DIR noted that the primary focus at this point is response and recovery operations.
The incidents come at a time of heightened public anxiety surrounding cyberattacks — particularly ransomware, which has increasingly been used to target governments, school districts and companies across the country.
Aside from DIR, a number of agencies are assisting in the response and recovery operations, including the Texas Military Department, the Texas Division of Emergency Management and the Texas Department of Public Safety, among others.
The agency also released a list of security recommendations to guard against similar attacks, including avoiding suspicious or unexpected links or attachments in emails, using strong passwords, and investing in cybersecurity awareness training.