Indiana county files disaster declaration following ransomware attack

Multiple governments across the U.S. are dealing with the after effects of ransomware attacks — with one issuing a disaster declaration after services were knocked offline.

In a statement on Thursday, officials in charge of Clay County, Indiana filed a local disaster declaration following a ransomware attack that “resulted in an inability to provide critical services required for the daily operation of all offices of the Clay County Courthouse, Community Corrections, and Clay County Probation.”

The declaration allows county officials to marshall financial resources to the departments affected and take immediate action to address impacted operations. 

Clay County — home to about 25,000 people in southern Indiana — previously warned that it discovered “unauthorized activity” at around midnight on July 9. The county confirmed it was a ransomware attack.

“We cannot access our data or electronically connect with some of the state partners we work with for many of our tasks,” county commissioners said in a press release issued to local news outlet The Brazil Times.

Local and federal law enforcement agencies have been contacted, officials said. All Clay County Courthouse offices and the Clay County Health Department were closed on Tuesday and Wednesday. 

The county on Wednesday said the courthouse will be closed for the foreseeable future and provided instructions for rescheduling court cases.

The county’s 911 system was never affected but they acknowledged that there was an initial disruption to non-emergency lines that has since been resolved. The county website is currently down as of Thursday afternoon. 

The press release noted that the next county over — Monroe — also recently dealt with a ransomware attack. Monroe county commissioners said on Monday that the attack was done by the BlackSuit ransomware gang and warned the county’s 140,000 residents that personal information may have been accessed. 

BlackSuit hackers were also behind an attack on Cedar Falls, Iowa three weeks ago that was stopped before significant damage could be done. City officials said last week that they discovered the ransomware attack on June 19 and an investigation is ongoing but that it did not affect their ability to provide services. 

“Following a short period of controlled downtime, all affected services have been restored at this time,” the city said, adding that it reported the incident to the FBI and will notify the public if any of the city’s 40,000 residents were impacted. 

The ransomware gang said it stole employee data and county business information like contracts and agreements. 

BlackSuit is a rebrand of the Royal ransomware group that launched a devastating attack on the city government of Dallas last year. 

Dallas County warning

On Wednesday, Dallas County, Texas confirmed that 201,404 people had sensitive data exposed during a separate ransomware attack in October 2023. At the time, county officials told Recorded Future News that they were able to stop a ransomware gang from exfiltrating data and encrypting their systems.

But they later revealed that the hackers — part of the Play ransomware gang — were able to steal about 5 GB of data from systems run by the county, the second most populous county in the state. 

The county warned residents and government employees this week that it recently completed its investigation into the incident and determined that a range of data was exposed. The county held data on people for a variety of reasons ranging from local residency to receiving services from county departments like Health and Human Services. 

The county also “participates in data sharing agreements with other organizations to enhance the services we offer to our residents and the public” — potentially exposing even more information. 

The information varies based on the individual but the county said the incident primarily involves names, Social Security numbers, dates of birth, driver’s license/state identification numbers, and taxpayer identification numbers. 

For some people, medical information on health insurance or specific diagnoses were included in the breach. 

Ransomware attacks on local governments are already on pace to surpass the 95 confirmed attacks reported last year, according to Emsisoft. There have already been more than 50 reported attacks on cities and counties in New York, Michigan, Kansas, Alabama, Florida, California, Missouriand more.