Update on the August 2019 Texas Cyber Incident
Aug 17 2019
AUSTIN – The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas. Below is an update as of August 17, 2019, at approximately 5:00 p.m. central time.
- On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments.
- Later that morning, the State Operations Center (SOC) was activated with a day and night shift.
- At this time, the evidence gathered indicates the attacks came from one single threat actor.
- Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.
- It appears all entities that were actually or potentially impacted have been identified and notified.
- Twenty-three entities have been confirmed as impacted.
- Responders are actively working with these entities to bring their systems back online.
- The State of Texas systems and networks have not been impacted.
- The following agencies are supporting this incident:
  - Texas Department of Information Resources
  - Texas Division of Emergency Management
  - Texas Military Department
  - The Texas A&M University System's Security Operations Center/Critical Incident Response Team
  - Texas Department of Public Safety
    - Computer Information Technology and Electronic Crime (CITEC) Unit
    - Intelligence and Counter Terrorism
  - Texas Commission of Environmental Quality
  - Texas Public Utility Commission
  - Department of Homeland Security
  - Federal Bureau of Investigation – Cyber
  - Federal Emergency Management Agency
  - Other Federal cybersecurity partners
Cybersecurity Best Practices
- It is everyone's responsibility to remain cyber aware and practice information safety.
- Do not open suspicious or unexpected links or attachments in emails.
- Hover over hyperlinks in emails to verify they are going to the anticipated site.
- Be aware of malicious actors attempting to impersonate legitimate staff, and check the email sender name against the sender's email address.
- Use unique strong passwords or pass-phrases for all accounts.
- Do not provide personal or organizational information unless you are certain of the requestor's authority, identity, and legitimacy.
- Alert your IT staff or supervisor if you have any concerns about the legitimacy of any email, attachment, or link.
- Take advantage of available cybersecurity awareness training.