Cyberattack seizes computer systems in 23 Texas towns

HOUSTON -- Computer systems in 23 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack that has sent state emergency-management officials scrambling, authorities said.

The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the "ransomware attack," in which hackers remotely block access to important data until a ransom is paid.

It was unclear who was responsible for the attack. The state described the attacker only as "one single threat actor."

Elliott Sprehe, a spokesman for the department, declined to provide further specifics or release the names of the towns affected because of the "potential for further attacks." He said the attacks largely affected specific departments within those towns.

He declined to say whether any of the towns had paid up.

"It's limited to just a handful of areas," Sprehe said. "It's not disparate throughout the state."

The attack began Friday morning. Later that day, Gov. Greg Abbott ordered the second-highest level of alert in the state's emergency-response system, classifying the attack as a Level 2 Escalated Response, meaning that the scope of the incident had reached beyond what local responders can manage.

"Governor Abbott is also deploying cybersecurity experts to affected areas in order to assess damage and help bring local government entities back online," Nan Tolson, a spokesman for the governor, said in a statement.

Allan Liska, an analyst with Recorded Future, a cybersecurity firm, said that the attack in Texas was "absolutely the largest coordinated attack" on cities he had seen in terms of the number of targets, and that "it may be the first time that we've seen a coordinated attack."

"If this turns out to be a new phase -- because bad guys love to copycat each other -- we're going to see a continued acceleration of these kinds of attacks," Liska said.

Hospitals, businesses and other networks have for years been targets of ransomware attacks. But in recent years, hackers have increasingly focused on local governments.

Ransomware attacks often begin after employees click on links or download attachments containing malicious code from seemingly harmless emails.

In May, hackers seized part of the computer systems that run the city government of Baltimore, delaying the delivery of water bills and preventing the health department from issuing critical alerts. In March 2018, a cyberattack targeted some parts of the city of Atlanta's network for days, including systems involving police reports and employment applications.

It took one Texas city weeks to recover from a recent ransomware attack. Laredo, a border town of 261,000 about 160 miles south of San Antonio, was the victim of an attack in May that shut down some of its online services and caused the city's email system to go dark. Residents and others who emailed employees in various city departments, including police officials, had their emails bounce back for weeks.

"All of our emails were down in the city, and that was intentional," said Rafael Benavides, a spokesman for the city. "We were trying to make sure that the virus was contained."

Laredo's email and computer systems are now fully operational, and the city was not one of the 23 cities targeted in the new attack. Laredo officials did not pay out any ransom to get the system running again, Benavides said.

In 2018, Liska said, there were 54 publicly reported attacks on city, county and state governments in the United States, as well as on court systems, emergency services and school districts. So far this year, excluding the Texas attacks, his firm has identified 61.

Ransomware attacks, particularly those in Atlanta and Baltimore, have also prompted further scrutiny of the country's election systems. If hackers seize states' voter registration systems just before Election Day, for example, it could create substantial problems with ensuring all voters are registered and casting only one ballot.

Reports emerged earlier this year that Russian hackers had breached electronic voter registration systems in two Florida counties, though it does not appear that any data was altered, officials said.

A host of state and federal agencies are responding to the attack on the 23 Texas towns, including cybersecurity experts at the FBI, the Federal Emergency Management Agency and the Texas Military Department. The state's computer systems and networks were not affected.

A Section on 08/21/2019
