Cyber Incident Victim: Bardstown Connect
Date: Sep 2022
Location: United States of America
Summary
A ransomware attack disrupted a city-operated ISP, causing widespread internet and email outages affecting residents, businesses, and municipal operations. Services were partially restored within 18 hours, though intermittent disruptions persisted for days, forcing businesses to halt credit card transactions and emergency services to rely on alternative communication methods. The incident investigation involved external cybersecurity experts and law enforcement, with no ransom paid. Restoration efforts prioritized customer-facing systems while municipal operations adapted using manual processes. The city implemented enhanced security measures, including threat monitoring and password changes, amid ongoing recovery of internal systems.
Description
On September 2, 2022, the City of Bardstown, Kentucky, detected a network disruption in the early morning hours, impacting municipal operations and forcing several information systems offline. The city’s IT team activated containment protocols and engaged external cyber forensics experts to investigate. By September 8, officials confirmed the incident was a ransomware attack targeting Bardstown Connect, the city-operated internet service provider (ISP) serving approximately 13,000 residents and local businesses. The initial outage lasted 18 hours, disrupting internet access and email services hosted by the city. Critical municipal functions, including the Nelson County Sheriff’s office, were forced to rely on AT&T hotspots and relay calls through Kentucky State Police infrastructure due to connectivity loss. Businesses reported financial losses during the Labor Day holiday weekend, as the outage prevented credit card processing for tourism-dependent establishments. Bardstown Connect’s Facebook updates indicated intermittent service restoration challenges throughout the following week, with email services requiring password resets for customer access.

City personnel and cybersecurity contractors worked continuously to restore services, prioritizing residential and commercial internet access and email functionality. By September 8, most Bardstown Connect customers had regained internet service, and all municipal-hosted email accounts were operational. The city acknowledged ongoing efforts to restore remaining affected systems, including internal back-office operations, though day-to-day government activities continued using paper records and analog backups. Mayor Dick Heaton confirmed no ransom was paid and disclosed collaboration with cybersecurity firm Kroll, local law enforcement, the FBI, and the Department of Homeland Security for forensic analysis. Security enhancements included deploying advanced threat monitoring systems, changing system passwords, and hardening the network. The city offered service reimbursement to customers experiencing outages exceeding 24 hours and advised vigilance regarding credit reports and identity theft via FTC resources. Officials cautioned residents about potential intermittent outages during recovery, emphasizing efforts to minimize further disruptions.
