Cyber Incident Victim: Lake George Land Conservancy

The Lake George Land Conservancy experienced a ransomware attack in September 2020, which was publicly disclosed through a letter posted to the organization’s website on September 23. The nonprofit, dedicated to preserving land around Lake George, identified the security breach but did not specify the exact date of initial intrusion or the method of initial compromise. Upon discovery, the organization activated its incident response protocols, leveraging existing backups to restore affected systems without engaging with the attackers or paying any ransom demand. The conservancy’s recovery strategy relied entirely on its backup infrastructure, indicating preparedness for such an event. No details were provided regarding the specific ransomware variant involved, the attackers’ identity, or whether data exfiltration occurred prior to encryption. The incident did not disrupt the conservancy’s core operations irreversibly, as restoration efforts proceeded systematically.

Following the attack, the conservancy initiated upgrades to its server infrastructure to strengthen defenses against future incidents. These post-incident enhancements focused on mitigating vulnerabilities exploited during the breach, though the technical specifics of the upgrades were not disclosed publicly. The organization’s public communication emphasized operational recovery rather than financial or data loss impacts, suggesting no significant long-term operational or reputational damage. The conservancy’s reliance on backups as a primary recovery mechanism underscored the effectiveness of its pre-existing contingency planning. No law enforcement involvement or regulatory penalties were mentioned in available reports. The incident concluded with the organization resuming normal operations after completing restoration and server upgrades, demonstrating a contained response without further escalation.