Cyber Incident Victim: Mower County
Date:
Jun 2025
Location:
United States of America
Summary
Mower County experienced a ransomware attack that forced officials to shut down most of its systems while IT staff conducted forensic imaging and worked with third‑party cybersecurity consultants to restore services. Emergency services remained operational, a temporary non‑emergency law enforcement line was established, and state and federal authorities were notified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On the morning of June 18, 2025, Mower County IT specialists detected a ransomware attack on the county’s network and immediately informed county administrator Matthew Verdick. Out of an abundance of caution, the decision was made to take most county systems offline to prevent further spread while the incident was investigated. Verdick announced that the county hoped to have most functions restored by Friday, June 20, 2025, and noted that forensic imaging of the affected systems was already underway. He emphasized that the shutdown was a precautionary measure to allow responders to safely assess the scope of the compromise.
While the majority of administrative and service systems were shut down, the county confirmed that 911 fire and emergency response resources remained operational throughout the incident. To maintain public safety communication, a temporary non‑emergency law enforcement telephone number, 1‑507‑279‑0203, was activated and publicized for residents needing assistance while the primary networks were offline. The administrator’s statement acknowledged that the disruption would affect residents conducting business with the county and expressed a commitment to minimize those impacts as recovery efforts continued. He also thanked the public for their patience during the ongoing response.
Mower County engaged nationally recognized third‑party cyber security and data forensics consultants to assist with the investigation and restoration process, and simultaneously notified state and federal law enforcement agencies of the attack. The consultants and county IT staff continued to work on safely restoring services, conducting forensic analysis, and verifying the integrity of systems before they were brought back online. Verdick’s statement noted that while progress was being made, additional work remained necessary to fully resolve the incident. He concluded by reiterating the county’s gratitude for community understanding and its dedication to returning normal operations as quickly as possible.