Cyber Incident Victim: Potter County
Date:
Apr 2019
Location:
United States of America
Summary
A Potter County government network was disrupted by multiple viruses, forcing all departments to prohibit computer usage and severely hindering operations. Over 550 employees resorted to manual processes, including handwritten court documents, mental health case filings, and law enforcement reports, while critical functions like marriage licenses, probate hearings, and jail bookings stalled. The sheriff's office relied entirely on paper-based methods for calls and reports, and the district clerk's office reduced operating hours significantly. Election systems remained functional due to physical isolation from the infected network, with administrators using tablets and a separate wireless connection as an emergency measure. County officials acknowledged inadequate preparedness for the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 19, 2019, Potter County, Texas, experienced a significant disruption when two viruses infected its computer systems, forcing a widespread shutdown. The incident was discovered when County Judge Nancy Tanner attempted to access her email that Friday morning and encountered an error indicator, prompting immediate concern. The malware affected all county departments, leading officials to prohibit over 550 employees from turning on their computers to prevent further spread. Critical operations were halted, including the county attorney’s office functions such as arraignments and trials, while probate and guardianship hearings—normally conducted online—were paralyzed. The Potter County Sheriff’s Office reverted to handwritten reports and paper-based jail bookings, as their digital systems became inaccessible. Marriage license processing also stalled, compounding the operational crisis. Judge Tanner acknowledged the county’s preparedness measures had proven insufficient, stating the incident was an “eye opener” requiring corrective action.
Response efforts included summoning additional technical personnel to diagnose and remediate the infections, with officials aiming to restore systems by the end of that week. The Potter County Elections Office activated emergency protocols, migrating operations to tablets and a standalone Verizon WiFi network to ensure uninterrupted early voting, as election equipment was never internet-connected and remained unaffected. Meanwhile, the District Clerk’s Office reduced its operating hours to 7:30 a.m. until 1:00 p.m. due to the outage. The sheriff’s office continued manual record-keeping for calls and incident reports, emphasizing the reliance on “paper and pencil” as a temporary workaround. No data theft or specific attacker details were disclosed, and the county provided no timeline for full recovery beyond the initial estimate. The incident underscored systemic vulnerabilities in the county’s IT infrastructure, disrupting judicial, law enforcement, and administrative functions for multiple days.