City governments in Michigan, New York face shutdowns after ransomware attacks

Multiple U.S. city governments  are dealing with ransomware attacks this week, disrupting services and forcing officials to close facilities  in response.

On Wednesday, Michigan’s Traverse City and New York’s Newburgh both announced cyber incidents and warned residents that they cannot handle some payments for things like taxes, water and permits. 

Traverse City — the most populous city in Northern Michigan with about 30,000 residents — said officials with Grand Traverse County discovered network irregularities on Wednesday morning and eventually made the decision to take all county and city networks offline. 

Grand Traverse County manages the IT network for both the county and Traverse City. City manager Liz Vogel said their priority is safeguarding data and ensuring continuity of essential services.

The FBI and Michigan State Police are now involved in the recovery effort but county and city networks will be offline for the foreseeable future. 

Emergency services like 911, police and fire are unaffected, but in-person payments for city services are unavailable. Residents are being urged to either delay in-person payments or use online portals to pay things like bills or taxes. Online payment systems were not affected by the attack because they are managed on third-party platforms. 

“Our IT Department was swift in their actions to isolate this incident and shutdown the networks at the County and City,” said Nate Alger, Grand Traverse County Administrator. “We will continue to work with our partners to learn more about the impacts and provide the least amount of disruptions to the general public as possible.”

The city and county government websites are hosted on separate servers that were not affected, allowing them to stay online. Grand Traverse County has about 100,000 residents. 

Newburgh City Hall closed

The city of Newburgh, New York, announced its own cyber incident this week that forced it to shut down City Hall through Thursday.

The cyberattack was discovered on Monday and Newburgh’s government is completely unable to process or accept payments for things like property taxes, water, sewer, sanitation, permit fees, or parking tickets.

In an update on Wednesday, officials said City Hall and other government offices would be closed to the public. 

“We have retained outside IT experts and other professionals who are working around the clock with the City to fully restore operations,” the city said. 

“You may continue to use existing phone and email to contact City departments, but please be advised that the security incident may have impacted both phone and email systems, which may result in delayed delivery of messages and response times.”

Emergency services are fully functional and were not affected by the attack, the city said. Newburgh is about an hour north of New York City and has a population of 30,000 people. 

The attacks on Newburgh and Traverse City occurred the same week as Cleveland — one of the largest cities in the Midwest — similarly dealt with a ransomware attack.

A spokesperson for Cleveland’s government told Recorded Future News in an email that City Hall would be reopening on Wednesday after days of being closed.

The spokesperson declined to answer several questions about what city services were affected by the attack, whether data was stolen and more. 

“We will not be releasing any details that may compromise the ongoing investigation of this incident,” the spokesperson said. 

While 2023 saw major ransomware attacks on large cities like Oakland and Dallas, 2024 has already had incidents involving Wichita, Birmingham, Pensacola, Jacksonville Beach and more.

Emsisoft threat analyst Brett Callow tracks ransomware attacks on U.S. governments and said so far, there have been 50 in 2024, not including the attack on Newburgh. Throughout all of 2023, there were 95 confirmed ransomware attacks on U.S local governments, according to Emsisoft.