Coordinated ransomware attack hits 23 local government entities in Texas

• The impacted organizations are not revealed because of security concerns, however, a majority of the impacted entities are noted to be smaller entities.
• The State of Texas systems and networks have not been impacted by the attack.

What is the issue?

Twenty-three local Texas government entities have been targeted with a coordinated ransomware attack on August 16, 2019.

The big picture

Upon learning the incident, the Department of Information Resources (DIR) launched an investigation into the attacks. All the impacted government entities are notified about the incident. The impacted organizations are not revealed because of security concerns. However, a majority of the impacted entities are smaller entities.

Based on the collected evidence, officials suspect the attacks to be conducted by a single threat actor. A local source noted that the ransomware that infected Texas governments encrypts files and appends the .JSE extension to the encrypted files.

“At this time, the evidence gathered indicates the attacks came from one single threat actor. Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time,” said the DIR in a statement.

This ransomware strain is generally called the .jse ransomware, although some antivirus software detects it as Nemucod.

What was the response?

Upon discovery, the departments are working with these entities to recover their systems back online. However, the State of Texas systems and networks have not been impacted by the attack.

• The Texas Division of Emergency Management is providing assistance through the Texas State Operations Center.
• The DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to affected organizations.

“Local jurisdictions who have been impacted should contact their local TDEM Disaster District Coordinator. DIR is fully committed to respond swiftly to this event and provide the necessary resources to bring these entities back online,” said the DIR in a statement.