NOEL KING, HOST:
In Texas, officials in nearly two dozen cities are scrambling to restore their computer networks. Hackers crippled the city systems and then demanded a ransom. Now, this is not just Texas. It's a growing problem, where cyberattackers will hijack a local government in search of a profit. But as NPR's Bobby Allyn reports, security experts say the sheer number of Texas agencies targeted all at once is a new front in ransomware attacks.
BOBBY ALLYN, BYLINE: Keene, Texas, is a speck of a town about 40 miles south of Fort Worth. Mayor Gary Heinrich says it's usually a pretty quiet place, until recently, when he learned that anonymous cyberattackers had infiltrated the city's computer network. He's been hearing a lot about it from the city's 6,000 residents.
GARY HEINRICH: Well, just everything we do at City Hall that's computerized is impacted.
ALLYN: The disruption has been felt across Texas. State officials say 22 municipalities in mostly rural swaths of the state were victimized. Who's behind it? Authorities say one single threat actor. Heinrich says the ransomware was aimed at an information technology firm that provides services to local governments around the state.
HEINRICH: They just got into our software provider, the guys who kind of run our IT systems. That happens to a lot of folks in Texas that use providers to do that because we don't have a staff big enough to have IT in house.
ALLYN: State investigators and the FBI are rushing to bring computer systems back on while the cyberattackers continue to hold the government systems hostage. Heinrich says the hackers are asking for a ransom of $2.5 million.
HEINRICH: Stupid people. You know, there's just no sense in this at all.
ALLYN: Local governments are now the new favorite target of cybercriminals. In recent months, attacks have hit Georgia's court system, public schools in Oklahoma and the city of Baltimore. Allan Liska with the research firm Recorded Future has been tracking how often hackers break into local government computer systems. He says there have already been more than 60 such attacks this year. But the Texas breach stands out to him.
ALLAN LISKA: This is the first time that we've seen a coordinated attack strike so many municipalities at the same time.
ALLYN: Liska says this is how they usually happen. Someone gets what looks like a seemingly harmless email from a colleague and opens an attachment, allowing hackers to launch a program that locks up an entire computer system. For residents, it's a huge headache.
TAD MCGALLIARD: If you are in one of those cities and you're trying to buy a house today, you probably can't do that because title services are offline. If you are trying to pay your water bill, you can't do that. In Atlanta and Baltimore, we saw that court cases had to be delayed because dockets were encrypted.
ALLYN: Tad McGalliard studies local government cybersecurity at the Washington-based city manager group ICMA. He says the Texas case should be a wakeup call to cities in all corners of the country.
MCGALLIARD: We might have thought this was a big-city problem or, at least, an affluent city or county problem. But I think what's clear now is that just about any local government is vulnerable.
ALLYN: Back in Keene, Texas, Heinrich says even if the city had a spare $2.5 million, there's no way he'd cough it up to the hackers.
HEINRICH: 'Cause once you pay it, They say, this is good, let's do it again.
ALLYN: The cybercriminals who hit Baltimore asked for a ransom in bitcoin equivalent to around $76,000. City officials refused to pay it. The city's estimated cost of recovering from the ransomware attack, $18 million. Bobby Allyn, NPR News.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.