Nearly Two Dozen Texas Towns Victims of Coordinated Ransomware Attack, Single MSP Vulnerability Suspected

zombie reaching 511 x 466-1
Share the knowledge

Note: The Internet Patrol is completely free, and reader-supported. If something that you find here helps you, please consider supporting us. We also earn a small amount from ads and Amazon links:
Click for amount options
Include a message for us!:

Over the past few days information about a ransomware attack in Texas, affecting 22 different cities all at once, has been trickling in. Experts believe that the coordinated ransomware attacks almost certainly had to be the result of a security flaw or breach at one managed services provider (MSP), however efforts to determine which MSP the 22 towns have in common have been surprisingly fruitless.

[Read our related article: How to Protect Yourself or Your Business from Ransomware in 2 Steps]

So far only two municipalities of the twenty-two that the Texas state government says have been hit have been identified, and that is because they have put out statements on their own. Those cities are Borger, Texas, and Keene, Texas.

The City of Borger issued a statement, saying that “On the morning of August 16, 2019 the City of Borger was one of more than 20 entities in Texas that reported a ransomware attack. Later that morning the State Operations Center (SOC) was activated. At this time, various State and Federal agencies are supporting and responding to the incident; including Texas Department of Information Resources, Texas Division of Emergency Management, Department of Homeland Security, Federal Bureau of Investigation-Cyber Crimes Unit, Federal Emergency Management Agency and others. Responders have reduced the count of confirmed impacted entities to twenty-two. The majority of the affected entities were smaller local governments.The State of Texas computer systems and networks have not been impacted. The evidence gathered indicates the attacks came from one single threat actor.”

Moreover, the City of Borger yesterday convened a special emergency meeting of the city council to consider and adopt a Memorandum of Understanding “between the Texas Military Department and the City of Borger for the deployment of Cyber Mission Forces”.

Get New Internet Patrol Articles by Email!

Meanwhile, City of Keene mayor Gary Heinrich has confirmed that the issue was the hackers getting into one provider who services the city, although he has not named that provider.

“They got into our software provider, the guys who run our IT systems. A lot of folks in Texas use providers to do that, because we don’t have a staff big enough to have IT in house,” Heinrich is quoted as saying, in an article by Sophos.

According to ZDNet, the ransomware that was used in the Texas attacks was Sodinokibi, although we have been unable to otherwise confirm that at this time.


What the Texas Department of Information Resources (DIR) is so far sharing is that:

More than twenty-five percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.

The State of Texas systems and networks have not been impacted.

Evidence continues to point to a single threat actor.

Investigations into the origin of this attack are ongoing.

Because this is an ongoing federal investigation, we cannot provide additional details about the attack.

Meanwhile, across the pond the Register has dubbed Texas the “Pwn Star State”.

Was this article helpful? If so, please consider supporting us; the Internet Patrol has no paywall and is completely free and reader-supported.
Click for amount options
Include a message for us!:

Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.