Early on August 16, a total of 23 local government organizations in Texas were hit by a coordinated ransomware attack. The type of ransomware has not been revealed, and Texas officials asserted that no state networks were compromised in the attack.
ARS TECHNICA
This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast.
A spokesman for the Texas Department of Information Resources, or TDIR, told Ars that authorities are not ready to reveal the names of the entities affected, nor other details of the attack. State and federal agencies are in the midst of a response, and TDIR did not have information on whether any of the affected governmental organizations had chosen to pay the ransom.
But the TDIR did reveal that the ransomware came from a single source. "At this time, the evidence gathered indicates the attacks came from one single threat actor," a spokesperson said. "Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time."
Response teams from TDIR, the Texas Division of Emergency Management, Texas Military Department, Department of Public Safety, and the Texas A&M University System's Security Operations Center/Critical Incident Response Team SOC/CIRT are currently involved in the effort to bring systems back online, as are federal officials from the Department of Homeland Security, the FBI, FEMA, and other agencies.
