WILMER, Texas — At the public library in Wilmer, books were checked out not with the beeps of bar code readers but with the scratches of pen on notebook paper. Out on the street, police officers were literally writing tickets — by hand. When the entire computer network that keeps the small town’s bureaucracy afloat was recently hacked, Wilmer was thrown into the digital Dark Ages.
“It’s weird,” said Jennifer Dominguez, a library assistant. “We’ve gone old school.”
This has been the summer of crippling ransomware attacks. Wilmer — a town of almost 5,000 people just south of Dallas — is one of 22 cities across Texas that are simultaneously being held hostage for millions of dollars after a sophisticated hacker, perhaps a group of them, infiltrated their computer systems and encrypted their data. The attack instigated a statewide disaster-style response that includes the National Guard and a widening FBI inquiry.
More than 40 municipalities have been the victims of cyberattacks this year, from major cities such as Baltimore, Albany and Laredo, Texas, to smaller towns including Lake City, Florida. Lake City is one of the few cities to have paid a ransom demand — about $460,000 in Bitcoin, a cryptocurrency — because it thought reconstructing its systems would be even more costly.
In most ransomware cases, the identities and whereabouts of culprits are cloaked by clever digital diversions. Intelligence officials, using data collected by the National Security Agency and others in an effort to identify the sources of the hacking, say many have come from Eastern Europe, Iran and, in some cases, the United States. The majority have targeted small-town America, figuring that sleepy, cash-strapped local governments are the least likely to have updated their cyberdefenses or backed up their data.
Beyond the disruptions at local city halls and public libraries, the attacks have serious consequences, with recovery costing millions of dollars. And even when the information is again accessible and the networks restored, there is a loss of confidence in the integrity of systems that handle basic services like water, power, emergency communications and vote counting.
“The business model for the ransomware operators for the past several years has proved to be successful,” said Chris Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, which has the primary responsibility for aiding American victims of cyberattacks.
“Years of fine-tuning these attacks have emboldened the actors, and you have seen people pay out — and they are going to continue to pay out,” he said, despite warnings from the FBI that meeting ransom demands only encourages more attacks.
In Georgia alone in recent months, the tally of victims has been stunning: the city of Atlanta. The state’s Department of Public Safety. State and local court systems. A major hospital. A county government. A police department for a city of 30,000 people.
In the 22 Texas attacks, according to several experts who have been called in, the pathway appeared to be through a once-trusted communications channel often used by law enforcement agencies, and managed by a private systems-management firm. Getting inside a channel shared by so many Texas localities meant the hackers had to target only one system, which ushered them into municipal networks across the state.
The coordinated attack began on Aug. 16. State officials said a “single threat actor,” which could be a group, was behind the cyberattack, but they declined to elaborate or discuss details about how the virus spread, referring questions to the FBI office in Dallas, which also declined to release details of its investigation.
In Kaufman, located more than 30 miles southeast of Dallas, city employees were forced to conduct business manually instead of through computers. City staff members used their cellphones because the phone system was disabled.
Mike Slye, Kaufman’s city manager, said he was not permitted to discuss details of the attack, including how it was discovered.
Such a response is typical in the aftermath of small-town cyberattacks. Some local leaders are embarrassed, while others fear that by discussing the attack, they will invite future ones or will expose a weakness in their cyberdefenses.
Officials in Wilmer hoped to have the city’s systems fully operational in two to three weeks. The mayor, Emmanuel Wealthy-Williams, issued a statement as well.
It was neatly handwritten, on notebook paper.