Twenty-three local Texas governments have been infected with ransomware last week in what Texas officials have described as a coordinated attack.
The attack took place on Friday morning, August 16, US time, when several smaller local Texas governments reported problems with accessing their data to the Texas Department of Information Resources (DIR).
DIR officials did not pubish a list of impacted local governments. On Friday, the agency couldn't provide an exact number of impacted entities, but a day later, DIR said the number is 23.
"It appears all entities that were actually or potentially impacted have been identified and notified," DIR said. "Responders are actively working with these entities to bring their systems back online."
The organization has been coordinating recovery efforts together with more than ten other Texas and US government agencies, such as the Texas Division of Emergency Management, the FBI, the DHS, the Texas Department of Public Safety, and others.
"At this time, the evidence gathered indicates the attacks came from one single threat actor," DIR officials said on Saturday.
Sodinokibi ransomware blamed for incident
Initially, ZDNet learned from a local source that the ransomware that infected the networks of the 23 local Texas governments encrypted files and then added the .JSE extension at the end.
However, following the publication of an initial version of this artice describing the infection as being caused by a so-called JSE ransomware, ZDNet received more information from a more authoritative source that the ransomware responsible for the infections across the 23 local Texas governments was the more well-known Sodinokibi (REvil) ransomware strain.