Thousands impacted by cyberattacks on governments in Ohio, Oklahoma, Puerto Rico

Cybercriminals targeted government systems in Ohio, Oklahoma and Puerto Rico over the past week, limiting critical services for thousands. 

The city of Durant, home to more than 20,000 Oklahomans, said on Sunday that it was hit with ransomware. The city’s website is down as of Tuesday afternoon and officials wrote on Facebook that they are working with law enforcement to contain the issue while restoring operations. 

“Some services — including digital and credit card payments — are still being impacted,” the city said, adding that more information would be released as the investigation progresses. 

The local police department said its communication center is also experiencing network outages but noted that emergency services are still operational through 911. They warned that wait times will likely be longer than normal due to the outage and call volume. 

Durant, about an hour and a half north of Dallas, is the capital of the Choctaw Nation and is the largest settlement on the reservation.

Multiple Native American governments have been attacked by ransomware gangs this year, including tribes in Minnesota and Michigan. Both of the previous attacks were eventually claimed by the RansomHub ransomware gang. 

Ransomware attacks can take weeks for municipalities to recover from. The City of Abilene is still dealing with the fallout of a ransomware incident that began on April 18 and caused a full network shutdown. Official’s published a lengthy post mortem this week, explaining that they spoke to the ransomware gang and were threatened with the leak of 477 GB of data on the Texas city’s 130,000 residents. 

The city eventually decided against paying a ransom but is now embarking on the painstaking process of replacing all the network infrastructure, including servers, storage and all the desktops and laptops. 

“We're currently in this pattern of waiting to see if and when they're going to publish the data,” senior city official Mike Perry said. “There's not a lot more dialog to be had because we've told them we're not going to pay the ransom.”

The Abilene IT director said they hope to be at full functionality in a few months.

The attack on Durant took place two days after another local government reported severe impacts from a cyberattack.

Lorain County, which has more than 315,000 residents and is located 30 minutes west of Cleveland, said a network security incident knocked dozens of government systems offline. 

In multiple social media warnings, the county government said its commissioners recently became aware of the disruption that forced them to take affected systems offline. 

While emergency services were still available, multiple court systems were knocked offline and the county warned that operational hours may change as the restoration effort evolves. 

The courts were able to reopen on Sunday and the county said it has hired cybersecurity experts to conduct an investigation into what happened. 

The attack on Lorain County comes just four months after Cleveland Municipal Court was shut down for weeks following a ransomware attack. The city of Columbus, Ohio was also the victim of a ransomware attack last July, resulting in exposure of information of more than 500,000 current and former residents.

Puerto Rico incident

Alongside multiple local governments affected by cyberattacks, the Justice Department of Puerto Rico sent a statement to local news outlets informing the public of a cyberattack.

The Justice Department did not respond to requests for comment but the notice said the Puerto Rico Department of Justice and Puerto Rico Innovation and Technology Service were jointly warning of a cyberattack impacting the Criminal Justice Information Office.

Officials said the investigation is ongoing but that protocols were initiated to “contain” the attack. 

“As part of the preventive measures, and with the aim of safeguarding the integrity of the information, it has been determined to temporarily suspend some services, including the issuance of the criminal record certificates,” the department said. 

“The restoration of the affected systems will be carried out only when we have certified that the environments are secure and that the integrity of the data is guaranteed.”

U.S. officials at the FBI and Cybersecurity and Infrastructure Security Agency did not respond to requests for comment about whether they are involved in the response to the incident.

Both agencies previously helped Puerto Rico respond to a cyberattack on the agency that manages Puerto Rico’s water supply.