Ransomware infected 23 local Texas governments last week in what Texas officials described as a coordinated attack.
The attack took place in the United States on Friday morning, August 16, when several smaller local Texas governments reported problems accessing their data from the DIR.
DIR officials have not published a list of the local governments affected. The agency was unable to provide an exact number of affected entities on Friday, but one day later, DIR stated that there were 23.
“It appears all entities that were actually or potentially impacted have been identified and notified,” DIR said. “Responders are actively working with these entities to bring their systems back online.”
The agency is coordinating recovery efforts with over ten other government agencies in Texas and the USA, including the Texas Emergency Management Division, the FBI, DHS, the Texas Department of Public Safety, and others.
“At this time, the evidence gathered indicates the attacks came from one single threat actor,” DIR officials said on Saturday.
We learned from a local source that the ransomware that infected the networks of the 23 local government organizations in Texas encrypts files and then adds the .JSE extension at the end.
This strain of ransomware does not have its own name and is usually called ransomware.jse, though some antivirus vendors detect it as Nemucod, after the name of the trojan that drops it on infected hosts.
The first signs of this ransomware were found in August 2018, and activity has continued, with reports as recent as this month. The ransomware is unusual in that it does not leave a ransom note behind, which confuses victims, who most of the time do not know what happened.
US cities have been the primary target of ransomware gangs in recent months, with infections reported across the United States.
In July, following a similar coordinated ransomware attack on several school districts, the Governor of Louisiana declared a state of emergency.