Cyber Incident Victim: Alexander City Government
Date: Jan 2023
Location: United States of America
Summary
Alexander City experienced a ransomware attack that disrupted municipal operations, prompting an emergency council meeting after discovering the breach and receiving a ransom demand. The city engaged its cybersecurity insurance provider, which deployed a taskforce and contracted Codeware for incident response and legal support following council authorization. Attackers compromised both physical and virtual servers, altering administrative credentials and potentially tampering with backups, with evidence suggesting unauthorized network access lasting up to 10 days prior to detection. While phone systems were impaired, emergency services and utility billing remained functional during the incident.
Description
On January 24, 2023, Alexander City officials discovered a ransomware attack during morning operations at approximately 7 a.m., prompting an emergency city council meeting that same day. Mayor Woody Baird confirmed the attack involved a ransom demand delivered to the city, though the specific amount and payment terms were not disclosed. The city immediately engaged its cybersecurity insurance provider, which deployed a taskforce to manage the incident and recommended contracting Codeware, a software firm, for specialized IT legal advice and incident response support. During the council meeting, officials authorized an immediate deposit and signed an agreement to activate Codeware’s services, emphasizing urgency to initiate forensic tracking of the attackers. Initial assessments indicated the attack disrupted municipal phone systems, though critical services including 9-1-1 emergency response and utility payment processing remained operational.

City IT Director Joe Milam reported extensive infrastructure compromise, with both physical and virtual servers, including the vCenter virtualization management platform, rendered inaccessible because the attackers had altered the administrative credentials. Milam recovered backup systems but expressed uncertainty regarding their integrity, noting that attackers could have tampered with files during a potential seven-to-ten-day period of undetected network access prior to discovery. The breach's origin and full scope remained undetermined at the time of the council meeting, with no confirmation of data exfiltration or specific attacker identity. Council members unanimously approved Codeware's engagement to pursue system recovery and investigate the intrusion. Operational impacts persisted through the disclosure period, primarily affecting internal communications and administrative functions, while response efforts focused on restoring systems from backups pending forensic validation of those backups.
