Image: Tom Sawyer via Flickr

Wisconsin county dealing with ‘catastrophic software failure’; California city declares ransomware emergency

Ransomware continues to plague regional governments in the U.S., with a Wisconsin county announcing a “catastrophic software failure” following an alleged LockBit ransomware attack, and a California city declaring a state of emergency over a cyber incident that began last week.

Government agencies in northern Wisconsin’s Langlade County shared urgent messages on social media on July 11 warning that they were dealing with severe technology failures. The issues were not attributed to a cyberattack but the LockBit ransomware group added the county to its list of victims this weekend, threatening to leak all data stolen from the government by August 1.

“Langlade County Sheriff’s Office is experiencing a catastrophic software failure. All phone lines are non-functioning. 911 calls for assistance will be rerouted and handled,” the local sheriff’s office said last week, providing a temporary phone number for those in need of assistance.

Image: A posting by LockBit to its leak site.

Alerts were shared by the Langlade County Health Department, Langlade County Emergency Management and the police department of county seat Antigo. None of the agencies responded to requests for comment about whether they were also dealing with technical issues related to the issues facing the sheriff’s office.

The county has a population of about 20,000 people.

While news in recent weeks has centered on ransomware gangs like Clop and Black Cat, LockBit has continued its unprecedented run of attacks on organizations Two weeks ago the gang made waves with a $70-million ransom demand after attacking a supplier for one of the world’s largest chip manufacturers.

U.S. agencies recently said LockBit has claimed responsibility for at least 1,653 ransomware attacks, based on victims posted to its leak site, and brought in at least $91 million in ransoms from U.S. victims since its first reported attack in the country in January 2020.

The group has made a point of going after local governments, launching attacks on small towns in Colorado, Florida and Ohio, as well as larger cities like Oakland.

Just south of Oakland, the city of Hayward discovered a ransomware attack last week, although no group has yet claimed it. The city council officially declared a state of emergency on Thursday, which “allows for greater flexibility in executive decision-making, deployment of City employees, and acquisition of needed equipment, supplies and other resources.”

“It also can be a prerequisite to and streamline reimbursement of certain costs associated with responding to the incident,” the Hayward City Council said.

“Since discovery of the cyber intrusion early Sunday morning, the City has maintained essential services, including 9-1-1 emergency dispatch, police, firefighter and emergency-medical response, water and sewer operations, and maintenance services. Access to the City website and email traffic into City offices have been restored after being turned off as precautionary measures.”

Last week, Hayward City Manager and Emergency Services Director Kelly McAdoo explained that she determined an emergency declaration is warranted “by virtue of the extreme peril to the safety of persons and property in the City caused by a cybersecurity attack, including attempts to disrupt and hold hostage aspects and components of City computer systems and networks.”

The resolution approved last week lasts for seven days, giving officials time to mobilize larger forces to address the cyberattack.

The city of more than 160,000 residents was forced to shut off its website and several online municipal portals in response to the cyberattack

While some city websites have been restored many are still struggling to come back online.

Emsisoft ransomware expert Brett Callow said at least 47 local governments in the U.S. have been impacted by ransomware this year. In addition to the attack on Hayward, the Utah city of West Jordan and North Carolina’s Cornelius both faced cyber incidents related to ransomware.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.