Cyber Incident Victim: Texarkana Water Utility
Date: Nov 2020
Location: United States of America
Summary
A ransomware attack targeted the Texarkana Water Utility's network, impacting services across Bowie and Miller Counties, including courthouse operations and BiState agencies. Suspicious activity was detected on the network, which had been compromised prior to late November, though no evidence indicated personal data was breached. While the incident caused widespread system outages and prompted shutdowns, water services remained uninterrupted. Recovery efforts involving PC and system repairs are ongoing, with the full scope of the attack still under investigation.
Description
On December 6, 2020, the Texarkana Water Utility’s Information Technology Department detected suspicious activity on a shared network serving Bowie County, Miller County, and the cities of Texarkana, Arkansas, and Texarkana, Texas. Subsequent investigation confirmed a ransomware attack had compromised the network, with evidence indicating the malware had been present since at least November 26, 2020—eleven days prior to detection. The attack caused widespread operational disruptions, forcing the shutdown of computer systems at the Bowie County Courthouse, BiState Justice Building, and other interconnected agencies. Bowie County 202nd District Court Judge John Tidwell publicly acknowledged the outages on December 6, confirming critical infrastructure had been taken offline as a containment measure. While the ransomware’s initial intrusion vector and dwell time remained undetermined during initial assessments, officials verified the incident involved unauthorized data access. No evidence of personal information compromise was identified at this stage. The Water Utility assured residents water service delivery would remain unaffected despite the network compromise. Recovery efforts commenced immediately, though officials cautioned the full scope of impacted systems and data remained unclear due to the ongoing forensic investigation.

The City of Texarkana issued a public update via its website following the discovery, confirming the ransomware’s pre-detection presence and the deliberate isolation of infected systems to prevent lateral movement. Agencies proactively disconnected from the shared network as a precaution, causing sustained service interruptions across municipal and county operations. While critical water treatment and distribution systems operated independently of the compromised network, other administrative and public-facing functions experienced prolonged downtime. Investigators prioritized determining whether exfiltration of sensitive information occurred during the attackers’ network access period. Repair teams worked to restore individual workstations and servers, though the complexity of the shared infrastructure delayed full recovery timelines. The coordinated response involved multiple jurisdictions due to the network’s cross-border design linking Texas and Arkansas entities. No ransomware variant, financial demands, or threat actors were publicly identified during the initial disclosure period. Municipal operations gradually resumed as systems were validated and restored, with continued monitoring for residual threats.
