Editor's note: Lamar County Sheriff's office was on the list provided by Armor for a January attack. The story has been corrected.
Lamar County Sheriff's Office is among a list of hacked government entities maintained by Armor, a Dallas-based cloud security solutions provider. Although the list includes nine of 22 Texas government entities hacked by a statewide ransomware attack Friday, Armor has clarified that the sheriff's office attack occurred in January.
Armor posted the list in a press release on its website that the company has updated regularly as more agencies and cities announced compromised systems. The most recent Texas cities to confirm hacks were Borger and Keene.
Lamar County Sheriff’s Office declined to confirm the attack, instead referring to the Texas Department of Information Resources’ press release and Dallas FBI office’s statement.
“The FBI is working with our federal, state and local partners to identify who is responsible for a ransomware incident that affected various municipalities in the state of Texas. Due to ongoing investigation, no further details will be released at this time,” the FBI statement read.
The inmate bookings report, normally sent daily via email from the sheriff’s department, was unavailable Monday.
“Due to computer malfunctions at the Lamar County Sheriff’s Office, the inmate booking report found daily on this page was not available by press time,” The Paris News stated in Monday’s edition.
The Department of Information Resources said in a statement that it believed a single source was behind all 22 of the attacks. It did not name the affected cities or provide details about the attacker’s demands. State officials said several of the attacked cities had resumed normal operations by Tuesday.
The attacks in Texas were similar to others across the country in recent years, Elliott Sprehe, a DIR spokesman, said Tuesday.
“Once it’s activated, your computer system is effectively locked from use until you pay that ransom as requested,” he told the Associated Press.
State and federal agencies, including the Department of Homeland Security and the FBI, have been working with the cities. Sprehe declined to provide more detail on the number of cities that have resumed normal activity, or details of their recovery.
In Keene, a community of about 6,000 people about 45 miles southwest of Dallas, the attack took down all municipal computers and left the city unable to process credit card payments, Landis Adams, the city’s economic development director, told AP.
The City of Borger said in a Facebook statement that the attack on its computers took place Friday and initially prevented city workers from accepting payments and accessing vital records, including birth and death certificates. By Tuesday, the city said it still could not accept credit card payments, but workers were able to access its servers and data.
Ransomware often spreads through emails containing malicious links or attachments or by visiting a compromised website. According to the FBI, more than 1,400 ransomware attacks were reported last year and victims reported paying $3.6 million to hackers.
Trying to prevent such attacks is “a continual cat-and-mouse game” for governments of all sizes, Sprehe said.
Sprehe said he didn’t know whether any of the affected Texas municipalities have or plan to cave to the attacker’s ransom demand.
The Associated Press contributed to this report.