Cyber Incident Victim: Circleville Municipal Court
Date:
Jan 2023
Location:
United States of America
Summary
A cyberattack disrupted systems at Circleville Municipal Court, prompting an investigation with external cybersecurity experts to restore operations and assess potential data compromise. While officials did not confirm ransomware, the LockBit group claimed responsibility for stealing 500 GB of sensitive case information and issued a ransom deadline. The incident occurred amid a broader pattern of ransomware attacks targeting under-resourced local governments, including another recent attack on an Ohio town’s municipal services. The court emphasized serious measures to protect information and restore functionality, reflecting wider trends of such groups exploiting vulnerable public sector entities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Circleville Municipal Court in Ohio experienced a cyberattack discovered in January 2023, prompting an ongoing investigation and system restoration efforts. The attack disrupted municipal court operations, forcing the IT department to collaborate with external cybersecurity professionals to recover affected systems. While court officials declined to confirm ransomware involvement, the LockBit ransomware group publicly claimed responsibility by listing Circleville on its leak site approximately one week prior to January 24. LockBit asserted it had exfiltrated 500 gigabytes of sensitive data, including case-related information, and set a ransom payment deadline coinciding with January 24. A court spokesperson emphasized continuous restoration work and stated they were evaluating potential data compromise but provided no specifics regarding impacted individuals or case types. Circleville, a town of approximately 14,000 residents, did not have its mayor or the Ohio governor’s office comment on the situation despite media inquiries.
The incident compromised court systems critical for case management and exposed sensitive judicial data, though the full scope remained under assessment at the time of reporting. This attack followed another December 2022 ransomware incident affecting Mount Vernon, Ohio’s police department and municipal court, highlighting a pattern of targeting local Ohio government entities. Ohio faced multiple ransomware campaigns in preceding years, including attacks on school districts and healthcare facilities. LockBit emerged as a dominant threat actor, conducting widespread attacks against global organizations throughout 2022, with recent high-impact operations against a Canadian pediatric hospital, a major European port, and a UK courier service. The Circleville attack exemplified ransomware groups’ continued focus on resource-constrained local governments, mirroring 2022 trends where municipalities in New Jersey, Colorado, Oregon, and New York faced similar breaches. Court administrators reiterated their commitment to restoring operations securely while investigating potential data exposure but disclosed no further technical details regarding attack vectors or restoration timelines.