Attackers Demand $2.5 Million Ransom After Coordinated Ransomware Attacks on Texas Government Entities

• Two of the impacted municipalities, the City of Borger, and the City of Keene, have publicly disclosed that they’ve been impacted by the coordinated ransomware attack.
• Keene Mayor Gary Heinrich said that the threat actor infiltrated into the city’s IT software, which is managed by a managed service provider (MSP).

The attacker who hit over 22 local government entities in Texas with a coordinated ransomware attack has demanded a collective ransom payment of $2.5 million.

Update on the attack

• An update from the Department of Information Resources (DIR) reveal that the number of impacted entities has come down to 22.
• Nearly 25% of the impacted entities have been moved from the response and assessment stage to remediation and recovery stage.
• A number of impacted entities have restored their operations back to normal.
• However, the identities of the impacted entities still remain undisclosed because of security reasons.

Meanwhile, two of the impacted municipalities have publicly disclosed that they’ve been impacted by the ransomware attack.

City of Borger

• The City of Borger in Texas has released a press release stating that the attack has impacted the City’s business and financial operations.
• However, the City assured that it continues to provide phone services and other basic emergency services such as Police, Fire, 9-1-1, Animal Control, Water, Wastewater and Solid Waste Collection.
• The City confirmed that it is currently working with responders to bring its computer systems back online.

“State and Federal agencies continue investigating the origins of this attack; however response and recovery are the City’s priority at this time. Based on the current state of the forensic investigation, it appears that no customer credit card or other personal information on the City of Borger’s systems have been compromised in this attack,” read the press release.

City of Keene

The City of Keene in Texas admitted in a Facebook post that the attack has impacted the City’s services to process credit card payments.

“Keene is working with law enforcement to resolve a cyber incident that impacted servers state-wide. Because this is an investigation, we can’t share much.
Here’s what you need to know:
• No credit card payments or utility disconnections for now
• Our drinking water is safe
• Check back here for updates,” read the Facebook post.

Keene Mayor Gary Heinrich told National Public Radio that the threat actor infiltrated into the city’s IT software that is managed by an outsourced company, which also supports many of the other affected municipalities. Heinrich added that the threat actor demanded a collective ransom of $2.5 million.

“They got into our software provider, the guys who run our IT systems. A lot of folks in Texas use providers to do that, because we don't have a staff big enough to have IT in house,” said Henrich.