Multiple federal and state agencies - including the Department of Homeland Security, Federal Emergency Management Agency and the Texas Department of Public Safety - are assisting with the response.
The department declined to name the specific cities that were attacked, but said the majority were smaller local governments. "Responders are actively working with these entities to bring their systems back online".
"Investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time", the statement noted. As of Saturday, DIR knew of 23 agencies that were affected in the attack, which the department believes was likely executed by a "single threat actor". This implies that the attacks are not yet under control, which is understandable considering the scope of the ransomware infection.
The hacker bait tends to come in the form of a seemingly benign email with links or attachments that, once opened, can infect a system. With the recent attacks on state and city government, local officials are rushing to secure their computer systems, holding new training and backing up their servers, Liska said.
It's also unknown how much money the attacker is demanding to end the attack.
Lake City and Riviera Beach paid over $US1 million to the attackers to release the data stored in the city systems.
According to its findings, ransomware detections for businesses increased 363 per cent in the second quarter of 2019.
That last part of the State Operations Center's mission is key to understanding this ransomware incident.
"Cybercriminals are searching for higher returns on their investment, and they can reap serious benefits from ransoming organizations over individuals, who might yield, at best, a few personal files that could be used for extortion or identity theft", Malwarebytes stated on the report.