Computer systems in 23 small Texas towns have been hacked, seized and held for ransom in a widespread, coordinated cyberattack, the authorities said this week.
The Texas Department of Information Resources said Monday that it was racing to bring systems back online after the “ransomware attack,” in which hackers remotely block access to important data until a ransom is paid.
It was unclear who was responsible for the attacks, which occurred last week. The state described the attacker only as “one single threat actor.”
Elliott Sprehe, a spokesman for the department, declined to provide further specifics or release the names of the towns affected because of the “potential for further attacks.” He said the attacks largely affected specific departments within those towns.
He declined to say if any of the towns had paid up.
“It’s limited to just a handful of areas,” Mr. Sprehe said. “It’s not disparate throughout the state.”
Allan Liska, an analyst with Recorded Future, a cybersecurity firm, said that the attack in Texas was “absolutely the largest coordinated attack” on cities he had seen in terms of the number of targets, and that “it may be the first time that we’ve seen a coordinated attack.”
“If this turns out to be a new phase — because bad guys love to copycat each other — we’re going to see a continued acceleration of these kinds of attacks,” Mr. Liska said.
Hospitals, businesses and other networks have for years been targets of ransomware attacks. But in recent years, hackers have increasingly focused on local governments.
Ransomware attacks often begin after employees click on links or download attachments containing malicious code from seemingly harmless emails.
In 2018, Mr. Liska said, there were 54 publicly reported attacks on city, county and state governments, as well as court systems, emergency services and school districts. So far this year, excluding the Texas attacks, his firm has identified 61.
Ransomware attacks, particularly those in Atlanta and Baltimore, have also prompted further scrutiny of the country’s election systems. If hackers seize states’ voter registration systems just before Election Day, for example, it could create substantial problems with ensuring all voters are registered and casting only one ballot.
For the Texas towns that have already been compromised, the options are limited.
Brian Calkin, chief technology officer at the nonprofit Center for Internet Security, said it depended on the particulars of the system, but there were essentially three choices.
The first is to pay the ransom, which he said was ultimately a business decision, but also a moral one because it perpetuates the problem and the criminals behind it.
The second option is to restore data from backup files that have been stored offline. But if officials take too long to deliberate and miss the ransom deadline, or there are no backup files, the third option “is less fun,” he said.
“You’re really looking at rebuilding from scratch,” he said, “which is an unenvious place to be for sure.”
State and local government entities are likely to pay ransom only about 17 percent of the time, according to Mr. Liska’s analysis. But criminals get heightened media attention when they target cities.
Earlier this summer, two Florida cities agreed to shell out almost a million dollars to placate attackers. The leaders of Riviera Beach, Fla., paid the sum of nearly $600,000. And officials in Lake City, Fla., eventually paid $460,000 (or 42 Bitcoin) after the city’s computer systems were paralyzed for several days.
“With your heart, you really don’t want to pay these guys,” Mayor Stephen Witt of Lake City said at the time. “But, dollars and cents, representing the citizens, that was the right thing to do.”
As a precaution, officials in one Texas county took some of their systems offline over the weekend, according to the local Fox station, KXII.
“We took steps to — in effect — pull in our drawbridge,” Bill Magers, the Grayson County judge, told the station. “We will continue to take all steps necessary to protect the information system used to serve our taxpayers.”