You are here: Home Contents V19 N2 V19N2_Dzimiela.html
Personal tools

An Inside View of a Ransomware Attack Response and Recovery



Full text

Journal of Information Systems Security
Volume 19, Number 2 (2023)
Pages 97114
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Casey Dzimiela — West Texas A&M University, USA
Murray E. Jennex — West Texas A&M University, USA
Information Institute Publishing, Washington DC, USA




On August 16, 2019, a ransomware attack impacted 23 organizations in north and northwest Texas. The ransomware attack was unique in that it targeted primarily small community organizations and was coordinated through a single managed service provider. Response to the attack was intense and involved several local, state, and federal organizations, with the Texas governor activating the state national guard cybersecurity unit. This paper provides a firsthand account from a member of the state national guard cybersecurity unit that responded directly to one of the affected communities. Several observations are reported, and recommendations made to help improve cybersecurity awareness and preparedness in small municipalities and small and medium organizations.




Ransomware, Incident Response, Security Planning, Incident Recovery, Security Knowledge.




Achten, N., (2022). Texas Municipality ransomware attack (2019). Cyberlaw, July 22, 2021. Retrieved on February 18, 2023 from

Allyn, B., (2019). 22 Texas Towns Hit With Ransomware Attack In 'New Front' Of Cyberassault. National Public Radio, August 20, 2019. Retrieved on February 18, 2023 from

Bleiberg, J. and Tucker, E. (2021). ‘Holy moly!’: Inside Texas’ fight against a ransomware hack. AP News, July 25, 2021. Retrieved on February 18, 2023 from

Cisternelli, E. (2023). 7 Cybersecurity Frameworks That Help Reduce Cyber Risk., March 31, 2023. Retrieved on April 23, 2023 from

Dudley, R. (2019). The extortion economy: How insurance companies are fueling a rise in ransomware attacks. Pro Publica.

Freed, B., (2019). More identified in Texas ransomware attack as feds urge coordinated response. Statescoop, August 22, 2019. Retrieved on February 18, 2023 from

McFarland, C., Rivett, B., Funk, K., Kim, R., and Wagner, S. (2020). State and Local Partnerships for Cybersecurity: A State-by-State Analysis. National League of Cities.

Ocampo, H. R. (2021). Municipal Governments and the Need for Cybersecurity (Doctoral dissertation).

Preis, B., and Susskind, L. (2022). Municipal Cybersecurity: More Work Needs to be Done. Urban Affairs Review, 58(2), 614–629.

Raghavan, K., Desai, M., and Rajkumar, P. V. (2020). Multi-step Operations Strategic Framework for Ransomware Protection. SAM Advanced Management Journal, 85(4), 16-2.

Texas Department of Information Resources (DIR), (2021). US Justice Department Announces Indictment Against REvil Ransomware Suspect Behind 2019 Ransomware Attack on Texas Municipalities. Cybersecurity News DIR News, November 8, 2021. Retrieved on February 18, 2023 from

Tuttle, H. and Jacobson, A. (2019). Enemy of the State: Ransomware Surges Against State and Local Governments in 2019. Risk Management, 66(11), 30-35.