The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas. Below is an update as of August 20, 2019, at approximately 3:00 p.m. central time.

• The number of confirmed impacted entities has been reduced to twenty-two.
• As of the time of this release, responders have engaged with all twenty-two entities to assess the impact to their systems and bring them back online.
• More than twenty-five percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.
• The State of Texas systems and networks have not been impacted.
• Evidence continues to point to a single threat actor.
• Investigations into the origin of this attack are ongoing.
• Because this is an ongoing federal investigation, we cannot provide additional details about the attack.
• To put themselves in the best cybersecurity posture, public and private organizations can follow these cybersecurity best practices:
  • Keep software patches and anti-virus tools up to date.
  • Create strong unique passwords that are changed regularly.
  • Enable multifactor authentication, especially for remote logins.
  • Modernize legacy systems and ensure software is as current as possible.
  • Limit the granting of administrative access.
  • Perform regular, automated backups and keep the backups segregated.

BACKGROUND

• The Texas Department of Information Resources (DIR) is leading the response to a ransomware attack against entities across Texas.
• On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments.
• Later that morning, the State Operations Center (SOC) was activated.
• The following agencies are supporting this incident:

• • Texas Department of Information Resources
  • Texas Division of Emergency Management
  • Texas Military Department
  • The Texas A&M University System’s Security Operations Center/Critical Incident Response Team
    • Texas Department of Public Safety
    • Computer Information Technology and Electronic Crime (CITEC) Unit
    • Cybersecurity
  • Intelligence and Counter Terrorism
  • Texas Commission of Environmental Quality
  • Texas Public Utility Commission
  • Department of Homeland Security
  • Federal Bureau of Investigation – Cyber
  • Federal Emergency Management Agency
  • Other Federal cybersecurity partners

Source: Texas Department of Information Resources