Investigators say hackers activated the attack Friday, affecting 23 government agencies.
The Texas Department of Information Resources said 23 unspecified entitiesthroughout the state reported the ransomware attack four days ago.
“It appears all entities that were actually or potentially impacted have been identified and notified,” the Texas Department of Information Resources said. “Responders are actively working with these entities to bring their systems back online.”
Officials said available evidence indicates the attack came from a “single threat actor,” but they did not provide specific information about whether the hacker demanded a ransom to release key files, as has been seen in a host of other cyberattacks in the last three months.
Texas Gov. Greg Abbott has ordered a “level 2 escalated response” to the attack, a designation that indicates the emergency is beyond the scope of local responders.
Multiple federal and state agencies — including the Department of Homeland Security, Federal Emergency Management Agency and the Texas Department of Public Safety — are assisting with the response.
Officials have not identified which agencies were booted offline by the attack, but they did say state of Texas systems were not affected and that most of the affected agencies belong to “smaller local governments.”
ZDNet reported that the attack used what’s known as the Sodinokibi (REvil) ransomware strain.
Texas has now joined several other states that have been targeted by recent ransomware attacks — including Maryland, Florida, North Carolina, Georgia, Louisiana and Kentucky — and Europe. Some of the municipalities have opted to pay the ransom — more than a combined $1 million — in an effort to retrieve key files.