The state of Texas has been hit with a rare coordinated ransomware attack that disrupted systems of 23 different local governments.
The Texas Department of Information Resources (DIR) issued a statewide alert on Aug. 16 warning towns and cities across the state about the attack campaign. The attack hit Friday morning and appears to be the work of a single threat actor, the DIR said in a statement on Aug. 17. Later that day, Texas government officials activated a multi-organizational task force, including the Department of Information Resources (DIR), the Texas A&M University System's Security Operations Center (SOC), the Texas Department of Public Safety, and emergency and military responders.
By Saturday, all affected entities had been notified and the DIR confirmed that state systems had not been affected by the attack.
"Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time," the DIR alert stated. "Responders are actively working with these entities to bring their systems back online."
The coordinated attack against Texas' local governments represents, arguably, the most brazen ransomware operation to date. While ransomware attacks are becoming more targeted, a single coordinated attack against a state is rare.
It is unclear what made the simultaneous attack possible. The same type of vulnerable systems could have been present in each network, or a third-party service provider could have been compromised, says Adam Kujawa, director of security research at Malwarebytes.
"[I]t is ..