Cyber Incident Victim: East Greenwich

On December 5, 2019, a ransomware attack disrupted municipal operations in East Greenwich, Rhode Island, impacting portions of the town's computer network. The incident occurred at approximately the end of the business day on Thursday, according to Town Manager Andrew Nota. While technical specifics regarding the ransomware variant and initial attack vector were not disclosed publicly, the intrusion caused immediate operational disruptions to unspecified town systems. Municipal authorities did not report data exfiltration or unauthorized access to sensitive resident information, focusing instead on the network availability impact. The attack timeline suggests rapid execution, with detection likely occurring during or immediately following the encryption phase based on the disruption timeframe. No ransom demands or threat actor affiliations were disclosed in initial reports.

East Greenwich's IT department, under the direction of an unnamed IT director, initiated incident response procedures to restore operations. Recovery efforts relied successfully on Datto backup solutions, indicating the organization maintained functional offline backups that were not compromised during the attack. The utilization of these backups prevented prolonged downtime and eliminated any necessity for ransom payment negotiations. Town leadership publicly acknowledged the cybersecurity incident but did not disclose detailed forensic findings or the exact scope of affected departments. Operational restoration timelines were not specified, though the availability of viable backups suggested a relatively efficient recovery process compared to municipalities lacking such contingency measures. The incident highlighted the critical role of backup integrity in municipal ransomware response without exposing systemic vulnerabilities or detailed remediation costs.