Several counties in the United States are facing the wrath of ransomware – with one confirming hundreds of thousands were impacted in a late 2023 attack and the other declaring an attack from earlier this week as a “local disaster.”
Last year, 95 ransomware attacks on local governments were reported, according to Emsisoft. There have already been more than 50 reported attacks on cities and counties this year with the most prominent ones being Washington, Miami, Fulton, Kershaw, Hidalgo, Gallup-Mckinsley, and Los Angeles.
Dallas County October Ransomware Attack Exposed Data of 200,000 People
In October 2023, the Play ransomware gang claimed to have stolen data during an attack on Dallas County systems. The county publicly acknowledged the incident and assured the public that they successfully contained the damage caused in the incident.
“Due to our containment measures, Dallas County interrupted data exfiltration from its environment and effectively prevented any encryption of its files or systems,” the county said, at the time.
However, it also said that it was in process of assessing the nature of the exposed information when Play published it. As the review process was extensive, Dallas County provided details of the actual impact only on Wednesday in a filing with the Maine Attorney General and sent data breach notices to 201,404 impacted individuals.
The types of data confirmed to have been exposed could contain full name, Social Security number (SSN), dates of birth, driver’s license, state identification number, taxpayer identification number, medical information, and Health insurance information.
There are several reasons as to why the Dallas County might hold such sensitive information. It said, “You could be a resident, an employee, or you might have received services from or interacted with one of our agencies (e.g., Department of Health and Human Services). Additionally, the County participates in data sharing agreements with other organizations to enhance the services we offer to our residents and the public.”
Ransomware Attack Forced Indiana County to File a Local Disaster Declaration
Clay County, Indiana, a rural community of roughly 25,000 residents, declared a local disaster Thursday after a ransomware attack crippled critical government services.
The attack, discovered early Tuesday morning, rendered county data inaccessible and severed electronic connections with state partners hindering essential operations at the Clay County Courthouse, Community Corrections, and Clay County Probation.
“We cannot access our data or electronically connect with some of the state partners we work with for many of our tasks,” Clay County commissioners revealed in a local press conference.
County officials immediately contacted local and federal law enforcement to investigate the incident. The Clay County Courthouse and Health Department remained shuttered throughout Tuesday and Wednesday.
While the 911 system remained operational, non-emergency lines experienced temporary disruptions that have since been rectified. As of Thursday afternoon, the Clay County website is also unavailable.
This incident comes on the heels of a similar attack on neighboring Monroe County, Indiana. Earlier this week, Monroe County commissioners confirmed that the BlackSuit ransomware gang targeted their systems, potentially compromising personal information of its 140,000 residents.
BlackSuit is a rebranded version of the Royal ransomware group also responsible for a crippling attack on the Dallas city government last year. The group recently targeted Cedar Falls, Iowa. However, city officials there were able to thwart the attack before significant damage occurred.
Cedar Falls officials reported the incident to the FBI and assured residents that city services remained unaffected. BlackSuit claimed to have stolen employee data and county business information during the attack.
This recent string of attacks underscores the growing threat posed by ransomware gangs, particularly to smaller municipalities with potentially less robust cybersecurity defenses.
The Clay County and Monroe County incident highlights the critical need for local governments to prioritize cybersecurity preparedness and invest in robust incident response plans to minimize disruption and safeguard sensitive data.
