Skip to Content

Ransomware hackers hit nearly two dozen Texas cities

The Texas State Capitol
The Texas State Capitol
The Texas State Capitol"Texas Capitol" by The Brit_2 is licensed under CC BY-NC-ND 2.0

In what looks like a highly coordinated cyberattack, approximately 23 cities and government agencies in Texas have been hit by hackers who held the captured computer systems ransom, Texas authorities said this week.

The ransomware incidents are yet another reminder that American cities are ill equipped to defend themselves in cyberspace. A May 2019 study found over 169 instances of ransomware infecting state and local governments since 2013. 

Same but different: Dozens of US cities have been hit by ransomware this year. What makes the Texas attacks unique is their size and coordination. State authorities say that one single actor is likely responsible for all the incidents. If true, this is unlike any hacking campaign seen before.

The malware used in the attack was reported to be Sodinokibi, according to ZDNet. The creators had become one of the dominant ransomware operations online, reportedly pulling in over $2 billion in payments, before shutting down their operation in June in what the malware creators called “a well-deserved retirement.”

StateScoop reported that the malware used in Texas may be the Ryuk ransomware, a strain that’s been found in a host of recent attacks on American cities.

A national problem: In the last five years, it’s become common for American cities to get hit with ransomware. Baltimore was infected this year at a recovery cost of $10 million. A small Florida city paid $460,000 in ransom after an infection in June.

The Texas city of Borger is the only one so far to publicly say it was a victim of this latest wave of attacks. The state and other towns are otherwise keeping quiet. A Texas official told NPR he was “not aware” of any cities paying the ransom this time around.

Who pays? That May 2019 study of ransomware by the cybersecurity firm Recorded Future found that about 17% of state and local governments attacked end up paying the ransom. That number is actually considerably lower than what other organizations found: a 2019 report from CyberEdge found that 45% of organizations pay ransom, a rise from 38.7% in 2018.

The FBI recommends against paying ransom. And last month, the United States Conference of Mayors passed a resolution against paying such extortionists. 

But the fact is that when an organization is hacked and has bad or nonexistent backups, paying ransom becomes an attractive option. The downside is that you are essentially funding the criminal gang behind the operation. 

Deep Dive


child outside a destroyed residential building in Kiev
child outside a destroyed residential building in Kiev

Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

hacked telecom concept
hacked telecom concept

Chinese hackers exploited years-old software flaws to break into telecom giants

A multi-year hacking campaign shows how dangerous old flaws can linger for years.

inflection point post-NSO concept
inflection point post-NSO concept

The hacking industry faces the end of an era

But even if NSO Group is no more, there are plenty of rivals who will rush in to take its place. And the same old problems haven’t gone away.

stock image of robots in a car plant
stock image of robots in a car plant

Transforming the automotive supply chain for the 21st century

Cloud-based tech solutions are helping manufacturers manage a new ecosystem of suppliers with greater agility and resilience.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.