More than 20 local governments in Texas were targeted in a coordinated ransomware attack of unprecedented size on Friday, but several of the cities had resumed normal operations by Tuesday, state officials said.
The Texas Department of Information Resources said in a statement that it believes a single source is behind all 22 of the attacks. It didn’t name the affected cities or provide details about the attacker’s demands.
The attack in Texas is similar to others that have crippled digital operations in cities around the country in recent years, Elliott Sprehe, a department spokesman, said Tuesday.
“Once it’s activated, your computer system is effectively locked from use until you pay that ransom as requested,” he said.
Cyber-security experts said the number of cities affected by the Texas attack far exceeds attention-grabbing hacks of individual systems owned by cities, counties and state agencies in recent years.
The best recourse for victims of a ransomware attack is to restore the captive systems from a saved backup, assuming they have one, said Brian Calkin, chief technology officer for the Center for Internet Security. If not, officials must decide whether to pay the ransom or rebuild their system from scratch.
“Ransomware is mostly opportunistic,” Calkin said. “They’re casting as wide a net as possible and they want to see whoever they can catch and compromise.”
State and federal agencies, including the Department of Homeland Security and the FBI, are working with the affected Texas cities. Sprehe declined to provide more detail on the number of cities that have resumed normal activity or details of their recovery.