At 9:30 p.m. Sept. 11, the Travis Central Appraisal District (TCAD) became aware that its computer systems were impacted by a cyberattack. The attack affected website property search, phone, email, and computer assisted mass appraisal systems, according to a TCAD media release. The cyberattack was a ransomware virus, which encrypts data/locks files stored and keeps them in this state until a ransom is paid.
Importantly, the district said that daily operations, including appraisal protests and customer service, were not impacted, and confidential property owner information was not at risk. Eight days after the attack, TCAD said “all core systems have been fully restored.”
The TCAD said because the encrypted files were locked they were not accessible to the server and caused the system services to stop working. As to a ransom, the TCAD did not pay any funds to decrypt the files, the district said.
Law enforcement does not recommend victims of cyberattacks pay any ransom, but district staff members were working in conjunction with cybersecurity experts to remediate and restore systems functionality.
“As soon as the virus was detected we implemented our security incident response and business continuity plan, we took immediate action to secure our system, infected systems were isolated, backup data was secure, appropriate state agencies were contacted, and cybersecurity experts were engaged to assist with remediation and restoration of system services,” the TCAD release said. “The district maintains comprehensive backup data at secure offsite locations that are being used to restore files and system services.”
No confidential information was compromised by the cyberattack, and it was determined that the sole purpose of the cyberattack was to encrypt and lock district files to hold them hostage for ransom, the release stated. There was no evidence that any data was breached during the attack or that the virus propagated to other systems, the release said.
As to this attack being related to the cyberattacks on local government entities back in August, the district couldn’t say what variant of ransomware the other local government entities were infected with, the two incidents are similar in that they are both ransomware attacks on local government entities where funds were demanded for a decryption key to release the government data.
“Identification and removal of the virus, along with additional measures to prevent future attacks was the first priority,” the TCAD said. “The district will continue to work with cybersecurity experts to conduct forensic analysis to identify the parties responsible for the cyberattack and to implement future preventative measure.”