Cyber Incident Victim: Texas (State)

Date: Aug 2019

Location: United States of America

Summary

A coordinated ransomware attack, believed to be orchestrated by a single threat actor, disrupted operations at 23 Texas government agencies. The state's Department of Information Resources led response efforts with support from emergency management, military units, and federal partners including the FBI's cyber unit; impacted entities were not publicly identified, to prevent further targeting. This incident aligned with a broader trend of escalating ransomware attacks against municipalities and government entities, exemplified by recent high-profile cases in Florida, Baltimore, and Atlanta where attackers demanded substantial cryptocurrency ransoms. Cybersecurity reports indicated a significant surge in such business-focused ransomware incidents during the period.

Description

On August 16, 2019, multiple Texas state agencies experienced significant computer disruptions later confirmed by the Texas Department of Information Resources (DIR) as a coordinated ransomware attack. The DIR announced its oversight of the response effort that same day, initially acknowledging impacts on at least 20 local government entities before revising the count to 23 affected agencies by August 17. The department attributed the attack to a single threat actor but declined to identify the specific compromised entities to prevent further targeting. Response coordination involved the Texas Division of Emergency Management, Texas Military Department, Texas A&M University System’s Cyberresponse and Security Operations Center teams, and federal partners including the FBI’s cyber unit and FEMA. Resources were prioritized for the most critically impacted jurisdictions, though technical details regarding ransomware variants, initial attack vectors, and data encryption scope remained undisclosed. No ransom demands or payment discussions were publicly confirmed by state authorities during the immediate response phase.

The incident occurred amid a documented surge in ransomware attacks against U.S. municipal and state entities throughout 2019, including high-profile cases in Riviera Beach and Lake City, Florida, where combined ransom payments exceeded $1 million, and Baltimore’s RobbinHood ransomware infection affecting 10,000 computers. DIR’s public communications emphasized ransomware awareness through linked cybersecurity guides while maintaining operational focus on system restoration. Malwarebytes’ Q2 2019 threat report, cited in contemporaneous coverage of the Texas incident, noted a 363% quarterly increase in business-sector ransomware detections, aligning with the attack’s broader context of shifting cybercriminal focus toward government and enterprise targets. Recovery timelines and specific operational impacts on Texas agencies’ services were not detailed in available disclosures.
