Cyber Incident Victim: Morgan County
Date:
Feb 2021
Location:
United States of America
Summary
Morgan County in Missouri experienced a ransomware attack by the DoppelPaymer group, which compromised the County’s computer systems. The attackers exfiltrated sensitive documents and subsequently published a portion of the stolen data on the dark web as part of their extortion tactics. This incident highlights the group’s pattern of targeting government entities to leverage stolen information for financial gain.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Morgan County, Missouri experienced a cyberattack attributed to the DoppelPaymer ransomware group, with the incident becoming public on February 25, 2021. The attackers compromised the county’s computer systems and exfiltrated sensitive documents during the breach. DoppelPaymer subsequently published a portion of the stolen data on the dark web, marking the first known release of information from this attack. The published materials included undisclosed sensitive documents, though the exact nature and volume of the exfiltrated data were not detailed in available reports. The attack positioned Morgan County among multiple government entities targeted by this ransomware operation.
The public disclosure occurred through DoppelPaymer’s dark web leak site, a common tactic used by the group to pressure victims into paying ransoms. No specific ransom demands or payment status were confirmed in the available reporting. The breach exposed sensitive county information, potentially impacting operational security and public trust. The full scope of compromised systems, data types, and restoration efforts remained unspecified in the sourced material. Morgan County’s incident response measures and remediation timeline were not described in the disclosed details of the attack.