A number of the targets of Friday's ransomware attacks are back to normal operations, the Texas Department of Information Resources said.
The department said more than a quarter of the targets have "transitioned to remediation and recovery." It also said the number of local government entities affected is down from 23 to 22.
The department initially reported Friday that a coordinated ransomware attack affected at least 20 local government entities in Texas. The targets are not being identified as the investigation proceeds. A spokesman for Austin's Office of Homeland Security and Emergency Management told KUT over the weekend that the city was not impacted by the cyberattack.
Elliott Sprehe, a spokesman for the DIR, said the areas impacted are predominantly rural and that evidence continues to point to a "single threat actor."
The Panhandle city of Borger and Dallas suburb of Keene said on their Facebook pages that they were among the victims, according to The Associated Press. Borger officials said the attack prevented employees from accepting payments and accessing records, including birth and death certificates.
Keene Mayor Gary Heinrich told NPR the hackers broke into the IT software the city uses, which is managed by an outsourced company.
"A lot of folks in Texas use providers to [run their IT systems] because we don't have a staff big enough to have IT in house," he said.
He said the attack impacted "just about everything we do at City Hall."
Heinrich told NPR the hackers want a collective ransom of $2.5 million, but there was no way his city would be paying anything.
"Stupid people," he said. "You know, just no sense in this at all."
Sprehe said he was "not aware" of any of the cities paying a ransom.
The DIR said the Texas Division of Emergency Management was coordinating support from other state agencies through the Texas State Operations Center at DPS headquarters in Austin.
DIR said the Texas Military Department and the Texas A&M University Systems' Cyber-Response and Security Operations Center teams were deploying resources to "the most critically impacted jurisdictions."
This post has been updated.