Cyber Incident Victim: Mad River Township Fire and EMS

Date: Dec 2017

Location: United States of America

Summary

A ransomware attack compromised the server of a fire and EMS department, encrypting multiple years of operational data. Hackers demanded a payment in Bitcoin equivalent to thousands of dollars to restore access. The organization had discovered the breach months earlier and tried to undo the encryption, but did not succeed in recovering the data. The incident left critical emergency service records inaccessible, severely impacting historical information retention and operational continuity.

Description

In August 2017, Mad River Township Fire and EMS discovered a ransomware infection that encrypted years of data on their server. The attackers breached the system and rendered critical information inaccessible, demanding payment in Bitcoin equivalent to thousands of dollars for decryption. Chief Elmer Beard confirmed the department immediately began working on solutions to recover the encrypted data without yielding to the ransom demand. The incident compromised operational records spanning multiple years, including emergency medical services and fire response documentation. Despite efforts to negotiate or circumvent the encryption, the department remained locked out of their systems as of December 2017. No evidence indicated data exfiltration beyond the encryption itself. The ransomware’s origin and delivery method were not publicly disclosed, though the department acknowledged the attack’s sophistication hindered rapid resolution.

The prolonged data inaccessibility disrupted administrative functions and historical record-keeping essential for audits, training, and service continuity. Financial losses stemmed from recovery efforts and operational inefficiencies rather than ransom payment. Beard emphasized the department prioritized rebuilding systems over capitulating to attackers, though this approach extended the recovery timeline. The incident underscored vulnerabilities in the agency’s cybersecurity posture, particularly regarding legacy data storage practices. No collateral impact on emergency response capabilities was reported, suggesting operational continuity through manual or analog workarounds during the outage. The department’s refusal to pay aligned with contemporary law enforcement guidance but resulted in permanent data loss for records lacking backups.