Was the ransomware attack on 20+ Texas local governments an attack on a single service provider? [UPDATE: YES!]

The Texas local governments attack seems to me to be more akin to the trend we have been seeing in 2019 with attackers targeting one MSP and then using that access and the MSP’s tools to attack / encrypt the MSP’s individual clients. If I’m not mistaken (and, I could be), the Texas DIR often acts as sort of a provider / MSP or/ MSSP to some local governments by providing outsourced services to those local governments.

Does anyone know if that was the case for these 22 entities or if that has some connection? I do know DIR is leading the response.

UPDATE: I just heard from a friend who has worked arm in arm with these folks and the answer is:

Hey Shawn. Answer to your DIR question is no. DIR does not provide services to local gov in this form but does coordinate response.


As we learn more, yep, it was an MSP — join the discussion here:




This site uses Akismet to reduce spam. Learn how your comment data is processed.