{
	"id": "adfdf697-9e8c-4b98-b7db-3f8ed74119aa",
	"created_at": "2026-04-06T00:11:29.74419Z",
	"updated_at": "2026-04-10T03:20:05.543487Z",
	"deleted_at": null,
	"sha1_hash": "4faa3bc02446648c48b8392e1445d8faab45d263",
	"title": "Over 20 Texas local governments hit in 'coordinated ransomware attack'",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 968229,
	"plain_text": "Over 20 Texas local governments hit in 'coordinated ransomware\r\nattack'\r\nBy Catalin Cimpanu\r\nPublished: 2019-08-18 · Archived: 2026-04-05 23:14:47 UTC\r\nTwenty-three local Texas governments have been infected with ransomware last week in what Texas officials have\r\ndescribed as a coordinated attack.\r\nThe attack took place on Friday morning, August 16, US time, when several smaller local Texas governments\r\nreported problems with accessing their data to the Texas Department of Information Resources (DIR).\r\nDIR officials did not pubish a list of impacted local governments. On Friday, the agency couldn't provide an exact\r\nnumber of impacted entities, but a day later, DIR said the number is 23.\r\n\"It appears all entities that were actually or potentially impacted have been identified and notified,\" DIR said.\r\n\"Responders are actively working with these entities to bring their systems back online.\"\r\nThe organization has been coordinating recovery efforts together with more than ten other Texas and US\r\ngovernment agencies, such as the Texas Division of Emergency Management, the FBI, the DHS, the Texas\r\nDepartment of Public Safety, and others.\r\n\"At this time, the evidence gathered indicates the attacks came from one single threat actor,\" DIR officials said on\r\nSaturday.\r\nSodinokibi ransomware blamed for incident\r\nInitially, ZDNet learned from a local source that the ransomware that infected the networks of the 23 local Texas\r\ngovernments encrypted files and then added the .JSE extension at the end.\r\nhttps://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/\r\nPage 1 of 2\n\nReports about a mysterious ransomware using this tactic have been floating around since June 2017, continued\r\nthroughout 2018, and new activity has been reported as recently as this month.\r\nHowever, following the publication of an initial version of this artice describing the infection as being caused by a\r\nso-called JSE ransomware, ZDNet received more information from a more authoritative source that the\r\nransomware responsible for the infections across the 23 local Texas governments was the more well-known\r\nSodinokibi (REvil) ransomware strain.\r\nThe .JSE file extensions spotted on some infected systems were most likely the created by the Ostap trojan, as part\r\nas one of its self-replication features -- which can be easily confused with ransomware. Ostap is a known trojan\r\nthat is used to distribute the TrickBot trojan, a malware strain often used nowadays to download and deploy\r\nransomware on infected hosts.\r\nPart of the trend\r\nIn recent months, US cities have been a prime target for ransomware gangs, with infections reported all over the\r\nUS.\r\nIn July, the governor of Louisiana declared a state emergency after a similar coordinated ransomware attack hit\r\nseveral school districts.\r\nArticle updated on July 19, 4:50 pm, ET, with information from new sources that the incident has been caused by\r\nthe Sodinokibi (REvil) ransomware.\r\nRelated malware and cybercrime coverage:\r\nAT\u0026T employees took bribes to plant malware on the company's network\r\nWindows malware strain records users on adult sites\r\nNew Windows malware can also brute-force WordPress websites\r\nMicrosoft: Russian state hackers are using IoT devices to breach enterprise networks\r\nChinese cyber spies are stealing money from video game firms on the side\r\nA cyber-espionage group has been stealing files from the Venezuelan military\r\nHow to avoid .JSE ransomware that hit the Texas government TechRepublic\r\nMalware lingers in SMBs for an average of 800 days before discovery TechRepublic\r\nUS mayors resolve not to pay hackers over ransomware attacks CNET\r\nSource: https://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/\r\nhttps://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.zdnet.com/article/at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack/"
	],
	"report_names": [
		"at-least-20-texas-local-governments-hit-in-coordinated-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434289,
	"ts_updated_at": 1775791205,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4faa3bc02446648c48b8392e1445d8faab45d263.pdf",
		"text": "https://archive.orkl.eu/4faa3bc02446648c48b8392e1445d8faab45d263.txt",
		"img": "https://archive.orkl.eu/4faa3bc02446648c48b8392e1445d8faab45d263.jpg"
	}
}