A ransomware attack has infected computers at almost two dozen government agencies in Texas.
The Texas Department of Information Resources (DIR) first reported the outbreak on Friday, describing it as a “coordinated ransomware attack.” The agencies hit were mainly smaller local governments in the Lone Star State.
“At this time, the evidence gathered indicates the attacks came from one single threat actor,” the department said in a follow-up statement on Saturday.
A spokesman for the department declined to name the ransomware strain involved or say which cities were hit. But the department confirmed that computers at 23 government entities in the state were infected. How much the hackers are demanding in ransom, and whether the state will pay it, is also unknown, but the department plans to issue an update today or tomorrow, the DIR’s spokesman said.
Ransomware attacks typically work by infecting a computer and encrypting all the data inside. A ransom note will then be posted to the computer’s screen demanding victims pay up or else see all their data erased. In some cases, the attacks can infect entire fleets of machines once they infiltrate a corporate or government network.
The FBI and security researchers generally advise against paying off the hackers; doing so incentivizes them to strike again and there’s no guarantee the encrypted data will be released. Nevertheless, two Florida cities recently hit by ransomware decided to pay about $500,000 and $600,000, respectively, rather than risk losing municipal data.
The high payouts have sparked concerns that ransomware hackers will only grow bolder. “These attacks are becoming common and have no end in sight—and why should they? They’re fairly lucrative and relatively easy to execute,” said Grant McCracken, a director at bug bounty platform Bugcrowd.
He advises potential targets of ransomware attacks to beef up their security and patch their IT systems before it’s too late. Governments, schools, and hospitals have routinely been hit by ransomware because they tend to run older, legacy IT systems with unpatched software, making them vulnerable to easy exploitation. Ransomware is often delivered via an email containing a malicious attachment.