Update on the August 2019 Texas Cyber Incident
Aug 20 2019
AUSTIN – The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas. Below is an update as of August 20, 2019, at approximately 3:00 p.m. central time.
- The number of confirmed impacted entities has been reduced to twenty-two.
- As of the time of this release, responders have engaged with all twenty-two entities to assess the impact to their systems and bring them back online.
- More than twenty-five percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.
- The State of Texas systems and networks have not been impacted.
- Evidence continues to point to a single threat actor.
Investigations into the origin of this attack are ongoing.
- Because this is an ongoing federal investigation, we cannot provide additional details about the attack.
- To put themselves in the best cybersecurity posture, public and private organizations can follow these cybersecurity best practices:
- Keep software patches and anti-virus tools up to date.
- Create strong unique passwords that are changed regularly.
- Enable multifactor authentication, especially for remote logins.
- Modernize legacy systems and ensure software is as current as possible.
- Limit the granting of administrative access.
- Perform regular, automated backups and keep the backups segregated.
- The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas.
- On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments.
- Later that morning, the State Operations Center (SOC) was activated.
- The following agencies are supporting this incident:
- Texas Department of Information Resources
- Texas Division of Emergency Management
- Texas Military Department
- The Texas A&M University System's Security Operations Center/Critical Incident Response Team
- Texas Department of Public Safety
- Computer Information Technology and Electronic Crime (CITEC) Unit
- Intelligence and Counter Terrorism
- Texas Commission of Environmental Quality
- Texas Public Utility Commission
- Department of Homeland Security
- Federal Bureau of Investigation – Cyber
- Federal Emergency Management Agency
- Other Federal cybersecurity partners
SUPPORT AND INQUIRIES
For additional information and tips for preventing ransomware, contact DIRSecurity@dir.texas.gov.
For other media and other public information inquiries, visit our Contact DIR webpage.
Return to Hot Topics