Missouri county home to Kansas City says suspected ransomware attack affecting tax payments

One of the largest counties in Missouri confirmed on Tuesday that it is dealing with a suspected ransomware attack affecting tax payments and online property, marriage licenses and inmate searches.

Jackson County — which has 715,000 residents and is home to part of Kansas City — said it has “identified significant disruptions within its IT systems, potentially attributable to a ransomware attack.”

“Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal,” officials said in a statement. 

The offices handling assessments, collections and deeds across the county will be closed “until further notice.”

The Kansas City Board of Elections and Jackson County Board of Elections are not affected by the attack. 

Law enforcement agencies are involved in the response and security contractors have been hired to remediate the outages. 

“We are currently in the early stages of our diagnostic procedures, working closely with our cybersecurity partners to thoroughly explore all possibilities and identify the root cause of the situation,” county officials said. “While the investigation considers ransomware as a potential cause, comprehensive analyses are underway to confirm the exact nature of the disruption.”

The county did not respond to questions about whether the group behind the incident identified itself or if a ransom has been issued, but the statement claims they are taking action to make sure more systems are not compromised. 

Officials acknowledged the impact of the office closures on residents and said they will continue to provide updates..

The county wrote on Facebook that its staff members initially discovered the incident on Tuesday morning.

Multiple governments and prominent organizations in Missouri have dealt with ransomware over the last year — including several in the Kansas City area. 

Liberty Hospital was forced to move patients to other hospitals during a ransomware attack in December and the Kansas City Area Transportation Authority (KCATA) said it was hit with ransomware in January. 

Ballwin, Missouri – a town of 31,000 about 30 minutes west from the center of St. Louis – told Recorded Future News in April 2023 that it was dealing with its own ransomware incident. St. Louis’ Metro Call-A-Ride service for people with disabilities was also attacked by ransomware gangs last year. 

Agencies across St. Louis County were thrown into chaos last year after the county’s Regional Justice Information System — known as REJIS and also used by counties in Kansas and Illinois — suffered an incident that brought the system down, affecting all of the county’s police officers, jails, municipal courts and attorneys.

The county was forced to book and release people from jail using paper records, and county officials wrote on Facebook that all court cases scheduled in St. Louis County Municipal Court were canceled for multiple days.