SAN ANTONIO – The Bexar County Appraisal District confirmed Monday that it has become the victim of a ransomware attack.
The attack happened Sunday at 10 a.m., and soon after, the staff noticed suspicious activity and logged in to check it out.
“Recovery efforts began almost immediately. We also notified the FBI,” said BCAD Assistant Chief Appraiser Scott Griscom.
Griscom said there was a ransom note, but hackers didn’t demand an amount of money and didn’t leave contact information.
When asked how it happened, Griscom said, “It doesn’t appear that someone actually clicked a link to initiate it but it does appear it came through email. As far as additional forensics we are still trying to determine that.”
Griscom said after an initial assessment, it looks like hackers were not able to gain access to the appraisal records database, which has all the public’s sensitive property information.
“Our email servers are down at this point. And a few other crucial systems,” Griscom said.
In scheduling the interview with KSAT, staff had to use a gmail address they set up because their whole email system is still down.
Other than sending and receiving emails, Griscom said the public shouldn’t see many effects right now, but he’s asking for patience.
“Our website is still available and is unaffected so the public can use it. Our phone system is working with no problem so people can call,” he said.
Griscom said it could take one or two days to restore damaged files and get all systems back up and running.
In the meantime, he has a message to all businesses, government offices, and individuals.
“Back up your data,” he said.
When asked if their office backs up their data, Griscom said, “Absolutely. That’s what we’re using to restore our functionality. Absolutely we back up a lot,” Griscom said.
He said the attack happened to his office despite layers of security and training, and it could have been much worse.
“We go through annual cybersecurity training. We just finished that recently, in fact,” he said.
Griscom said it’s a constant battle to stay protected from hackers.
“Unfortunately, they are so fluid in how quickly they change, that even with the fact that we have significant protections on our network, it’s difficult to keep up with. We do our best, but its still difficult to keep up with,” he said.
Griscom said he will continue to update the public as they find out more about the attack