Texas Ransomware Attacks: MSP Software Involved?

Twenty-two Texas local governments are striving to recover from coordinated ransomware attacks, and some of those government agencies are already back online, according to the Texas Department of Information Resources (DIR).

Updated August 21, 2019: The attacks may potentially deliver a black eye to the managed IT services provider (MSP) market. According to an NPR report, the hacker attack involved “information technology software used by the city and managed by an outsourced company.”

MSSP Alert is checking to see if the NPR source was referring specifically to an MSP, a software company or some other third party that supports Texas local governments. There’s there’s speculation that the statement actually refers to the Texas Department of Information Resources (DIR) rather than an MSP as the culprit. The DIR is a sourcing organization that allows local Texas government organizations to source IT solutions.

Updated August 20, 2019: The DIR disclosed the attacks on August 16, 2019, and provided the following updates on August 20, 2019:

  • The number of confirmed impacted entities has been reduced to 22, down from a previous report of 23 local governments.
  • As of the time of this release, responders have engaged with all 22 entities to assess the impact to their systems and bring them back online.
  • More than 25 percent of the impacted entities have transitioned from response and assessment to remediation and recovery, with a number of entities back to operations as usual.
  • The State of Texas systems and networks have not been impacted.
  • Evidence continues to point to a single threat actor.
  • Investigations into the origin of this attack are ongoing.

Technology vendors such as Dell Technologies are offering product discounts to assist the recovery efforts.

Texas Governor Greg Abbott’s website has not mentioned the ransomware attacks as of August 20 at 6:00 p.m. ET.

Original MSSP Alert Report from August 17, 20219

The department did not disclose whether the entities were Texas cities, towns, counties or specific departments within such entities.

The size and scope of the attacks — in terms of how many computers and applications were hit — also were not disclosed.

According to an August 16 statement from the DIR:

 “Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions.  Further resources will be deployed as they are requested.”

MSSP Alert will continue to follow to update this story as more details surface.

Ransomware Attacks Government Infrastructure

Ransomware attacks continue to plague federal, state and local government agencies across the United States.

The fallout so far: As of July 2019, ransomware attacks have hit at least 170 county, city, or state government systems in the United States since 2013. Moreover, 22 of those attacks occurred in the first half of 2019, according to The U.S. Conference of Mayors.

The most recent attacks have hit these U.S. cities.

Those mayors have vowed to stop paying ransomware demands from hackers, but those same mayors will need to boost their cybersecurity and business continuity stances in order to ensure they can maintain such a vow.

MSPs Also Suffer Ransomware Attacks

MSPs have also suffered ransomware attacks in recent months. The fallout has included:

Hackers worldwide have been hitting MSPs of all sizes — not just global technology service providers. The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

Amid those challenges, the MSP industry (spanning technology companies, service providers and more) could soon face a “crisis of credibility” if the market doesn’t take major steps to more effectively mitigate ransomware threats, cyberattacks and associated fallout, ChannelE2E and MSSP Alert believe.

Amid that threat landscape, MSP software providers and their channel partners are increasingly activating two-factor authentication as a means to stop hackers from entering systems.

Related Content


Return Home




    Guys, you are a bit late to the party….

    Joe Panettieri:

    Hey Tim: Thanks for your readership. Would have posted sooner. Dropping kids at college. We’ll be sure to update the coverage as more details emerge.


    Thank you Sir. It’s not getting a lot of air time in Texas either. Go figure…

    Dustin Bolander:

    Yeah I am not seeing anything besides the DIR notice…odd.

    Luis Garcia:

    So this is gaining additional ground and now an MSP appears to have been the common denominator in this hack. I would really like to understand how it happened, was it the RMM tool they were using, were they using 2FA, etc.
    Saw this initially here: https://www.reddit.com/r/msp/comments/ctk528/msp_to_be_blamed_for_ransomware_attack_in_texas/
    And that Reddit linked to here: https://www.bleepingcomputer.com/news/security/hackers-want-25-million-ransom-for-texas-ransomware-attacks/

    Joe Panettieri:

    Hi Luis: Thanks for your readership, comment and links. The circumstantial evidence seems to point to the MSP industry, as our own coverage now points out as well.

    Still, the “MSP” connection to this story so far involves a vague statement to NPR about outsourced IT. Everyone in and around the MSP market, naturally, believes such a statement points right to the MSP market. We continue to update the story above, and we’ve also reached out to the Texas DIR for more technical details about the attack.


    Luis Garcia:

    Hey Joe,

    The reddit link I posted has some comments that brings up good points. Since it is a government entity, they usually go with the lowest bidder for RFP’s without much regard to the quality of the contractor. We have seen an uptick in fly by night MSP’s over the past couple of years with very low entry pricing that does not include the security stack SMB’s should have in todays security environment nevermind government entities. It’s saturating the industry and lowering the bar for MSP standards.

    Joe Panettieri:


    Thanks for continued updates and perspectives. And just to hedge things a bit, there’s a chance an MSP was NOT involved in this attack. The “service provider” may have been the Texas DIR — part of the state IT support system. We’re still seeking clarification/facts and will share potential updates via the article above.

    Luis Garcia:

    Interesting development. I’ll continue following to see details as they are released.

    Thank you.

    Perry Dale:

    4 months later and I am still unable to find the root cause.

Leave a Reply

Your email address will not be published.