Ransomware hits 23 Texas local governments


A ransomware attack on 23 Texas local governments appears to be coming from a single source, according to state agencies investigating the latest episode of online criminals holding public data hostage.

“At this time, the evidence gathered indicates the attacks came from one single threat actor,” the Texas Department of Information Resources said in a press statement. “Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.”


Ransomware is a computer program that locks up an organization’s systems until a ransom is paid or files are recovered. Ransomware damages computer hardware and connected devices, sometimes shutting down systems for days or weeks.

The Texas governments reported a ransomware attack on Friday morning. Although state officials did not name them, the majority were smaller local governments. The State Operations Center was activated with a day and night shift.

“It appears all entities that were actually or potentially impacted have been identified and notified,” officials said. “Twenty-three entities have been confirmed as impacted. Responders are actively working with these entities to bring their systems back online.”

The State of Texas systems and networks have not been impacted, officials said.

Some cities and counties that were not attacked shut down Internet access to avoid the threat.

In January, the City of Del Rio, Texas, had to abandon electronic services after a ransomware attack froze servers. Del Rio reverted to pen and paper as tech experts worked to prevent further spread of the malware. City officials notified the FBI and Secret Service.

Michael Pietronico, CEO of Miller Tabak Asset Management, said in a commentary piece Monday that his firm's internal ratings reflect issuers' overall resilience to manage and respond to changes in their operating environment, including risks associated with cyberattacks.

A May 7 attack on Baltimore hobbled its ability to collect water bills, property taxes, and parking revenue. It also shut down the system to process home sales. The city's online payment portal is still offline. Baltimore has refused to pay the ransom.

"Although it is too early to assess the full monetary effect of the cyberattack, we understand the city's estimated costs to date total about $18 million," Pietronico said. "Despite the significant cost, we do not anticipate the breach will lead to a credit event, given Baltimore's sizable reserves equal to $385.3 million at fiscal year-end 2018, or 20% of operating expenses, as well as its liquidity equal to 52% of total governmental expenditures, which we consider very strong."

The cyberattack in Baltimore follows last year's high-profile ransomware attack in Atlanta, which cost the city an estimated $17 million to fix, about 2.6% of the city's budget.

Riviera Beach, in Palm Beach County, Florida, authorized its insurer to pay a ransom of almost $600,000 to hackers who unleashed a virus crippling the city's computer systems. According to the Miller Tabak piece, the city of about 35,000 approved the payment of 65 bitcoins, valued at $592,000.

"The growth of Internet of Things (IoT), interconnected sensors embedded in technology, such as WIFI networks, building maintenance systems, medical devices, and traffic sensors, further contribute to cyber risk. IoT devices outnumbered the world's population in 2017 and are projected to double by 2020, according to Gartner technology consultants," Pietronico wrote.

"Cyberattacks also threaten to erode public confidence in government, and can suggest weak governance," he wrote. "Cyberattacks can hurt issuers' reputations, evidenced by the fact that many cities and states avoid reporting them."

Pietronico added that the lack of consistent reporting of cyberattacks could leave many issuers complacent about the risks or unaware of some of their own vulnerabilities.

He recommends sharing details of attacks broadly with the municipal bond market and law enforcement. Public entities should also report the attacks through an event notice on the Municipal Securities Rulemaking Board website, EMMA.

"Only with consistent and transparent disclosure can the evolving sophistication of cyber criminals be recognized, and prudent mitigation measures taken and disseminated," he wrote. "Investors need to determine whether states and local governments take cybersecurity seriously as a risk, and issuers need to assess and share information about the defenses in place against cyberattacks."
