Everything's bigger in Texas, we've heard it said.
In this case, that includes a ransomware attack taking dozens of local government systems offline.
"On the morning of August 16, 2019, more than 20 entities in Texas reported a ransomware attack. The majority of these entities were smaller local governments," according to the Texas Department of Information Resources (DIR).
When the state realized how widespread the attack was, it activated its State Operations Center (SOC) and staffed it around the clock to help with incident response.
The Texas DIR says 23 entities have been confirmed as victims of the Texas ransomware attack so far.
And as big as the ransomware attack is, it sounds as if the incident response resources are even bigger. Those assisting:
The Texas Department of Information Resources says that incident response and recovery is the focus right now, which is something we often hear from security leaders and teams at SecureWorld conferences across North America.
However, the agency did share one clue about the potential source of the attack: "At this time, the evidence gathered indicates the attacks came from one single threat actor."
For one thing, we know that State of Texas systems and networks have not been impacted.
For another, we know that ZDNet is reporting on the actual ransomware strain involved:
"ZDNet has learned from a local source that the ransomware that infected the networks of the 23 local Texas governments encrypts files and then adds the .JSE extension at the end.
This ransomware strain does not have its own name, being generally called the .jse ransomware—although some antivirus vendors detect it as Nemucod, under the name of the trojan that drops it on infected hosts."
And lastly, we know this will be a topic of discussion among cybersecurity professionals at SecureWorld Dallas on October 9-10. Keynote speaker and Dallas cybersecurity attorney Shawn Tuma will be all over it.
SecureWorld will update this story with new information when we have it.