Municipal Ransomware Attacks 2019

Municipal Ransomware Attacks

Municipal ransomware attacks took the stage in an unprecedented way in 2019. Not only was the use of ransomware by cybercriminals more prevalent, but it was more sophisticated. 

New iterations of Ryuk, Purga, and Stop ransomwares were leveraged against everyone from the small business owner to government entities.

What got the attention of the federal government in 2019 was the predominant focus on one segment of our society, the municipal government.

In one of its many ransomware articles, antivirus developer, Kaspersky, tells us that city halls and municipal centers accounted for around 29% of cases (of ransomware attacks) in 2019.

How Many Ransomware Attacks were there in 2019 on Municipalities?

It’s difficult to put together a comprehensive list of ransomware attacks from 2019.


Because numbers vary and are unreliable. There is no standardized reporting for current ransomware attacks from 2019, and many municipalities are happy to not publicize the fact that they were breached.

The Wilmer Texas Ransomware Attack

One of the recent ransomware attacks in 2019 was in August in the town of Wilmer, Texas.

Wilmer (along with 22 other Texas small to mid-size towns) were successfully targeted by ransomware simultaneously.

The ominous message, “Your files have been encrypted” showed up against the blue screen of death on hundreds of computers in dozens of municipal offices all across the state.

Unfortunately, this wasn’t an isolated ransomware attack in 2019.

Because municipalities handle confidential data, are unprepared/vulnerable, and have the ability to pay, they have become a predominant target of choice for lone-wolf hackers, cybercriminal syndicates, and rogue-states like Iran and North Korea.

Many towns, cities, and municipalities don’t have managed cybersecurity services that are automated and monitored by high-level IT security professionals.

Many municipalities’ IT environments aren’t subject to regular risk assessments, continuous vulnerability scanning, or integrated monitoring and reporting. This is one of the reasons that the list of ransomware attacks in 2019 is so high. 

As a result, Congress is working on some funding in H.R.1158 – Consolidated Appropriations Act, 2020 for municipalities to prepare for and combat ransomware.

Here Are Just a Few of the USA Towns and Cities That Experienced a Ransomware Attack in 2019

  • Baltimore, Maryland
  • Atlanta, Georgia
  • Albany, New York
  • Laredo, Texas
  • Greenville, North Carolina
  • New Orleans, Louisiana
  • Lake City, Florida
  • Pensacola, Florida
  • Kaufman, Texas
  • Riviera Beach, Florida
  • New Bedford, Massachusetts
  • St. Lucie Florida

How Successful Were Municipalities in Handling These Recent Ransomware Attacks?

In the Texas ransomware attack mentioned earlier, there was a range of outcomes. Lubbock County offices caught the ransomware attack and responded within 40 minutes, saving themselves a lot of headaches.

However, the city of Borger wasn’t so fortunate and the ransomware went unchecked, taking down their business, citizen services, and financial infrastructure.

The FBI, DHS, and other agencies were brought in under a Level 2 Escalated Response to help the afflicted towns and to try to ascertain the person or persons responsible for the attack.

Reporting is scarce on the totality of the response by impacted municipalities. But it is apparent that a few were able to respond quickly enough to avoid catastrophic intrusion of the ransomware, some paid the criminals, and others rebuilt their systems from scratch.

Pensacola, Florida

The ransomware attack that hit the Florida municipality of Pensacola was comprehensive. Every department from sanitation to taxation was impacted.

Pensacola officials won’t say whether or not the city paid the one million dollar ransom demanded by the hackers. However, it has come to light that a $140,000 contract was awarded to Deloitte to determine what went wrong and how to respond.

This was a ransomware attack Florida residents were on the hook for financially, as are most of the municipal ransomware attacks.

Greenville, North Carolina

In this attack, 800 of Greenville’s municipal computers were locked down by the ransomware.

It seems from reporting that the point of entry was the Greenville police department.

Greenville refused to pay, and a significant remediation and rebuilding response aided by state and federal agencies was required.

Atlanta, Georgia

Atlanta was one of the more significant recent ransomware attacks. This attack took down everything from the city’s financial system to the court system.

Although the exact response of Atlanta to the $51,000 Bitcoin ransom demand is somewhat murky, it has been confirmed that Atlanta paid out $2.7 million to cybersecurity consulting agencies and other crisis management firms in the days and weeks after the attack.

Recovery took over a year and total recovery costs are reported to be in excess of $17 million.

New Orleans, Louisiana

The New Orleans attack also was first detected within their police department IT system. 

Fortunately, the attack took place in the early morning and damage was limited before noon that day.

The fallback plan of New Orleans to the ransomware attack was to utilize the response systems already instituted for network outages during hurricanes.  

Unlike other ransomware attacks, New Orleans officials reported that there was no ransom demand.

KLFY reports that the recovery cost was more than the $3 million in insurance that New Orleans had in place and that the city has since moved to a $10 million policy.

Baltimore, Maryland

$80,000 in Bitcoin was the ransom demand as criminals brought thousands of Baltimore city’s computers to a standstill.

City leaders decided not to pay the ransom, but instead chose to go the route of remediating and rebuilding.

This recovery effort cost more than six million dollars.

Unfortunately, the remediation and rebuilding took time. During those days portions of the citizen services of the city were shut down.

St. Lucie, Florida

St. Lucie was among the government ransomware attacks in late 2019.

This attack, like the others impacted the police department first.

The first targets of the ransomware within the Sheriff’s office were the systems housing background checks and department emails.

The FBI was called in to investigate, as they are in almost all of these circumstances. In this case, a ransom demand was made, but St. Lucie officials have stated that they would not pay.

The police department computers were down for more than six days and systems were brought online and tested one by one throughout the recovery process.

New Bedford, Massachusetts

July 4 was a fortunate day for New Bedford. Government offices were closed for the holiday and only 4% of city computers were online.

However, the cybercriminals were not taking a holiday and demanded $5.3 million for the keys to decrypt the data that the ransomware had scrambled.

New Bedford officials took a unique approach to the situation. Instead of paying the $5.3 million, they negotiated with the criminals, offering $400,000.

During the negotiation, cybersecurity professionals hired by the city worked feverishly to restore data and rebuild systems.

Ultimately, New Bedford reported to the public that the ransomware criminals were not paid, but that the $400,000 was instead used to pay the technicians who helped restore their systems.  

What Do the Municipal Ransomware Attacks of 2019 Demonstrate?

  • The lack of ransomware readiness on the part of thousands of towns, cities, and counties across the USA
  • The critical nature of security updates on municipal systems
  • The necessity of leveraging VPN for remote network access
  • The urgency of implementing a comprehensive automated cybersecurity solution
  • The importance of updating operating systems
  • The essential task of onsite and cloud backups
  • The neglect of employee cybersecurity training

Helical can help with guaranteed ransomware protection.

Leave a Reply