Local governments in Colorado, Pennsylvania and Missouri dealing with ransomware

Multiple local governments are dealing with cyberattacks, including ransomware incidents, this week, causing outages and problems for county hospitals, libraries and other local services.

Bucks County, Pennsylvania — home to nearly 650,000 people — said on Wednesday that it is still grappling with a cybersecurity incident that has knocked out the Emergency Communications’ Department’s computer-aided dispatch (CAD) system.

It is used by the local fire department, police department and emergency services. The New Hope Free Press reported that the county 911 operation — which went down on Sunday — manages emergency calls for about 130 departments across the county.

The system helps dispatchers and first responders with incident documentation, forcing officials to use pen and paper while receiving and dispatching 911 calls. The 911 phone system is still operational and first responder radio systems still work, but officers complained of not being able to use the terminals and apps located inside vehicles.

“I want both the public and our first responder partners to know that our 911 system is up and running – If you call us for an emergency response, our dispatchers will get you the help you need,” said Bucks County Emergency Services Director Audrey Kenny. “The County has partnered with state and federal agencies, and has retained best-in-class incident response professionals to assist in our ongoing investigation.”

Sources told New Hope Free Press that the CAD system has troves of sensitive information about thousands of people and incidents, and that the issue was likely a “ransomware-type attack.” The Pennsylvania National Guard has been called in, according to the news outlet, which noted that there is currently no timeline for when the issue will be resolved.

County officials did not respond to requests for comment about whether it was a ransomware attack or if other county systems were affected. On Friday, all scheduled court proceedings were postponed.

Another community in Pennsylvania — Washington County — also reported a cybersecurity incident this week. The county’s court system said it is “currently experiencing network outages.”

“These outages are impacting the Court. Online access to court services and court records may be affected during these outages,” the court system said in a statement.

Local news outlets said government officials were warned on Wednesday morning to shut down their servers by the Cybersecurity and Infrastructure Security Agency (CISA).

“We received confirmation about 3 a.m. that there was a phishing expedition taking place on our servers in Washington County,” County Commissioner Nick Sherman told WPXI.

“Normally reports like this come from our IT department, but our IT department reached out to me to say it came from Homeland Security. At that time we shut down our servers and our servers continue to be shut down.”

Ransomware was behind several other incidents reported by local governments this week.

The Kansas City Area Transportation Authority (KCATA) said it was hit with ransomware on Tuesday, prompting them to contact the FBI and other law enforcement agencies.

“The primary customer impact is that regional RideKC call centers cannot receive calls, nor can any KCATA landline,” the agency explained on Wednesday.

“KCATA is working around the clock with our outside cyber professionals and will have systems back up and running as soon as possible.”

The public transit agency runs multiple bus systems and served more than 10.5 million rides in 2022 — or about 40,000 each day. The organization is run equally by officials in Kansas and Missouri.

The agency said on Wednesday that all of their services are still operational and provided phone numbers for those in need of certain services.

Ransomware was also the culprit behind a cyberattack on Douglas County Libraries in Colorado.

A spokesperson for the library told Recorded Future News that they experienced “temporary catalog and service outages” due to a ransomware attack that was initially discovered on January 14.

After discovering suspicious activity, they took their network offline, affecting several of the services they offer.

“We also quickly launched an investigation into the issue with the support of external cybersecurity specialists, and this investigation remains ongoing at this time,” a spokesperson said.

“Though we are in the process of restoring our systems, all our branches are open to customers… We remain committed to providing the community with exceptional library services to the best of our ability during these outages.”

CBS Colorado reported that the group behind the incident was the Play ransomware gang, an international organization responsible for attacks on a large Spanish bank, the Swiss government, Dallas County, Stanley Steemer, a local transit system in Virginia and others.

The FBI and other U.S. agencies said in December that the group was behind more than 300 successful incidents since June 2022.

Library officials declined to tell CBS Colorado whether they planned to pay the ransom but said all negotiations are being handled by their cyber insurance company.