Texas ransomware attack hits 22 municipalities, demands $2.5M

Ransomware attacks hit 22 municipalities around Texas, most of which appear to be smaller local governments, but the details surrounding the attacks are still unclear.

More than 20 municipal governments in Texas have been hit with ransomware, and the mayor of one of city said the ransom demand is $2.5 million.

According to the Texas Department of Information Resources (DIR), "more than 20 entities in Texas reported a ransomware attack" on the morning of Aug. 16. Since then, the number of impacted entities was confirmed to be 22 and "the majority of these entities were smaller local governments."

The DIR claimed the Texas ransomware appears to be the work of a "single threat actor," based on the evidence available. Additionally, the FBI, FEMA and the Department of Homeland Security have been brought in to aid in the investigation and incident response.

Only three of the 22 entities hit by the Texas ransomware have come forward as of this report -- Borger, a city of 13,250; Keene, a city of 6,100; and Wilmer, a city of 4,136. The City of Borger said in a press release that normal business and financial operations and services were affected, including systems responsible for birth and death certificates being offline and systems used to accept payments. However, the city claimed "no customer credit card or other personal information on the City of Borger's systems have been compromised."

According to a report from the Dallas-Fort Worth CBS News affiliate, the Texas ransomware took down systems in Wilmer's police department, water department and public libraries. 

The City of Keene announced on Facebook that it cannot accept "credit card payments or utility disconnections," but Keene Mayor Gary Heinrich told NPR the damage went far beyond that. Heinrich told NPR that most activities at City Hall have been affected by the Texas ransomware. Heinrich added that the attackers asked for $2.5 million in a "collective ransom," which allegedly would cover all victim municipalities.

Heinrich also told NPR the threat actor behind the Texas ransomware may have targeted a managed service provider contracted by Keene and other victim municipalities, but this detail has not been confirmed by investigators. The Texas DIR did not offer details on the attack in its report because of the ongoing federal investigation.

Ransomware attacks on city, state and local government systems appear to be increasing this year. Security researchers believe most ransomware campaigns aren't specifically targeting government networks and instead search for un-patched systems using vulnerable software like Microsoft's remote desktop protocol.

In March of last year, Atlanta was the victim of a ransomware attack that ultimately cost the city more than $5 million. In early May of this year, Baltimore was also hit by a ransomware attack that interrupted critical city services.

Next Steps

Ransomware attack disrupts Dallas police, city services

Dig Deeper on Security operations and management