Update on the August 2019 Texas Cyber Incident

Aug 20 2019

AUSTIN – The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas. Below is an update as of August 20, 2019, at approximately 3:00 p.m. central time.

  • The number of confirmed impacted entities has been reduced to twenty-two.
  • As of the time of this release, responders have engaged with all twenty-two entities to assess the impact to their systems and bring them back online.
  • More than twenty-five percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.
  • The State of Texas systems and networks have not been impacted.
  • Evidence continues to point to a single threat actor.
  • Investigations into the origin of this attack are ongoing.
  • Because this is an ongoing federal investigation, we cannot provide additional details about the attack.
  • To put themselves in the best cybersecurity posture, public and private organizations can follow these cybersecurity best practices:
    • Keep software patches and anti-virus tools up to date.
    • Create strong unique passwords that are changed regularly.
    • Enable multifactor authentication, especially for remote logins.
    • Modernize legacy systems and ensure software is as current as possible.
    • Limit the granting of administrative access.
    • Perform regular, automated backups and keep the backups segregated.

BACKGROUND

  • The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas.
  • On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments.
  • Later that morning, the State Operations Center (SOC) was activated.
  • The following agencies are supporting this incident:
    • Texas Department of Information Resources
    • Texas Division of Emergency Management
    • Texas Military Department
    • The Texas A&M University System's Security Operations Center/Critical Incident Response Team
      • Texas Department of Public Safety
      • Computer Information Technology and Electronic Crime (CITEC) Unit
      • Cybersecurity
    • Intelligence and Counter Terrorism
    • Texas Commission of Environmental Quality
    • Texas Public Utility Commission
    • Department of Homeland Security
    • Federal Bureau of Investigation – Cyber
    • Federal Emergency Management Agency
    • Other Federal cybersecurity partners

SUPPORT AND INQUIRIES

For additional information and tips for preventing ransomware, contact DIRSecurity@dir.texas.gov.


For other media and other public information inquiries, visit our Contact DIR webpage.

     

      Return to Hot Topics