Texas ransomware spree

The local governments and agencies from twenty-three Texas towns were hit by a coordinated ransomware campaign last week. 

The Texas Department of Information Resources (DIR) became aware of the ransomware campaign after being contacted by the municipal governments of several towns that were unable to access critical files. The DIR has yet to identify the affected government entities and is currently working with the Texas Military Department as well as the Texas A&M Cyberresponse and Security Operation Center to investigate the attack and restore critical services where possible. 

Although the DIR has released few details about the ransomware campaign, they did confirm that it originated from a single “threat actor.” The ransomware deployed is known is .JSE and typically works by encrypting files and appending the suffix “.jse.” .JSE differs from other ransomware variants and malware in that it doesn’t leave behind a ransom message.

U.S. local governments have increasingly been targeted by ransomware campaigns, including Baltimore, Atlanta and several Florida cities. Municipal governments tend to have lower budgets for IT and cybersecurity support, and are often willing to pay ransom to be able to restore services.