Update on the August 2019 Texas Cyber Incident

August 20, 2019
Technology Topic
AUSTIN - The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas. Below is an update as of August 20, 2019, at approximately 3:00 p.m. central time.

For impacted entities and more information regarding cybersecurity best practices, please click here.

  • The number of confirmed impacted entities has been reduced to twenty-two.
  • As of the time of this release, responders have engaged with all twenty-two entities to assess the impact to their systems and bring them back online.
  • More than twenty-five percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.
  • The State of Texas systems and networks have not been impacted.
  • Evidence continues to point to a single threat actor.
  • Investigations into the origin of this attack are ongoing.
  • Because this is an ongoing federal investigation, we cannot provide additional details about the attack.

To put themselves in the best cybersecurity posture, public and private organizations can follow these cybersecurity best practices:

  • Keep software patches and anti-virus tools up to date.
  • Create strong unique passwords that are changed regularly.
  • Enable multifactor authentication, especially for remote logins.
  • Modernize legacy systems and ensure software is as current as possible.
  • Limit the granting of administrative access.
  • Perform regular, automated backups and keep the backups segregated.

BACKGROUND

  • The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas.
  • On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments.
  • Later that morning, the State Operations Center (SOC) was activated.

The following agencies are supporting this incident:

  • Texas Department of Information Resources
  • Texas Division of Emergency Management
  • Texas Military Department
  • The Texas A&M University System's Security Operations Center/Critical Incident Response Team
    • Texas Department of Public Safety
    • Computer Information Technology and Electronic Crime (CITEC) Unit
    • Cybersecurity
    • Intelligence and Counter Terrorism
  • Texas Commission of Environmental Quality
  • Texas Public Utility Commission
  • Department of Homeland Security
  • Federal Bureau of Investigation - Cyber
  • Federal Emergency Management Agency
  • Other Federal cybersecurity partners

SUPPORT AND INQUIRIES

For additional information and tips for preventing ransomware, contact DIRSecurity@dir.texas.gov.

For other media and other public information inquiries, visit our Contact DIR webpage.

About File Formats

Some documents on this page are in the PDF format. Please download the Adobe Reader in order to view these documents.