2022-08-16 06:10Blog post

We remember the Texas Ransomware Attack

Green ones and zeros on a computer with the text "RANSOMEWARE" highlighted in orange. The letter "RANSOM" are cut out from a nesapaper and sits in front.

It has now been three years since 22 towns across Texas U.S. were exposed to one of the largest ransomware attacks ever in the U.S. Governor Greg Abbott declared the incident a statewide disaster and the first of it's kind, but what really happened?

"Give us the money, or else"...

Ransomeware is exactly what it sounds like - a malware virus that hold a victim’s information at ransom. An organization’s valuable data is held hostage by cybercriminals. By encrypting the data the organization cannot access files, databases, or applications. A ransom is then demanded, i order to regain access.  

What happened?

August back in 2019 in Texas, workers culd not access files or documents and printers spewed out demands for money. Town residents couldn't pay water bills, governments couldn't pay salaries and police officers had problems retrieving records, birth and death certificates etc. All across Texas, similar scenes played out at the same time.

A desert landscape and a

The attack was finally tied to a Russia-based criminal syndicate, and involved the REvil/Sodinokibi ransomware. The attack was first initiated due to a small managed service provider's remote access software had been compromised. This particular small managed service provider sustained irreparable damage, and it shows some of the devastating consequences that may follow in the footsteps of ransomware.

..."Customers lost and lost trust, is not easy to recover from. ."

Some small business were also effected by the attack, and they testify of lost customers due to the cyber attack. Many of the customers had been with companies for a long period of time - beautiful customer relationships that had been built and nurtured over decades. But when the ransomware attack broke their digital security, a trust had been broken too and some damage is just to hard to repair. Customers lost and lost trust, is not easy to recover from.

Planning in advance equals a quick recovery

Overall though the cities affected during the attack recovered quite quickly over the next couple of days. This was much due to the preparation that Texas had done in advance. The key here was planning and practicing recovering from a major cyber attack - such as this one.

It took a large number of people dedicated to this particular incident to find a cure to this virus attack. This included people out in the field, people in the security operations center and analysts going from city to city trying to repair the damage.

Is it worth it?

In the aftermath of the Texas ransomware attack of 2019 the cost of the scenario described above is too high. Loosing data, customers, a community not functioning is a price not worth paying. In order to avoid paying that price online security is now more than ever a must. The price for being digitally safe however, is an investment well worth the cost! Prioritizing security is an important key to a fully functional and safe workplace.

Printed charts in blue on a flat surface, and a calculator on top of them spelling

If the Texas ransomware attack has thaught us anything it is that there are still to this day big gaps in cyber defenses, and that we must expect more attack like this in the future.


About Farsight Tech Nordic

Farsight is a Swedish IT development partner that makes people and organizations grow! We are your ”go-to-guys” regarding all your IT systems, technology and IT-security subject matters. At the same time, we are local community builders and ensue a sound labour market and good ethics. Our business is all about finding clever solutions for secure access, management and communication of business-critical information.


Carina Sjövill
Head of Marketing & Communications
Carina Sjövill