Date: Apr 2023

Location: United States of America

Summary

The San Bernardino County Sheriff's Department experienced a significant network disruption that forced it to shut down and secure its electronic systems. The incident, which encrypted many of its systems, is under investigation by the FBI and third-party forensic specialists. While public safety operations were maintained using traditional protocols, the disruption hindered functions like running license plates and background checks during a prolonged recovery effort.


Description

On or around April 7, 2023, the San Bernardino County Sheriff’s Department in Southern California experienced a significant network disruption to its electronic systems. The department officially referred the problem to the FBI and the Department of Homeland Security for investigation. Officials publicly disclosed the incident in a statement released on Saturday, April 8, though they declined at that time to elaborate on the specific nature or cause of the disruption. The initial statement from the sheriff’s department asserted that the event had not impacted the agency’s operational capabilities. Upon discovery of the incident, the county immediately took steps to secure its network infrastructure. This action was followed by the initiation of an investigation conducted by the county's internal information technology staff alongside third-party forensic specialists.


Further details emerged indicating the disruption was more severe than initially described. Reports confirmed the incident was a cyberattack that resulted in the encryption of many of the department's critical systems. The encryption was likely the consequence of a malicious hyperlink being clicked, which facilitated the intrusion and the subsequent deployment of ransomware or a similar disruptive payload. The attack forced the department to shut down a majority of its systems for more than two weeks while recovery efforts were underway. Despite the widespread system encryption, the department managed to recover data from the affected systems, though restoring all operations to a fully functional state was a prolonged endeavor.

The impact of the cyberattack necessitated a shift to more traditional, manual protocols for conducting routine law enforcement activities. Deputies had to utilize alternative methods for running essential license plate checks and conducting background investigations. Throughout the recovery period, the department maintained that public safety operations had not been adversely affected, though the operational workarounds undoubtedly introduced inefficiencies. The county conducted a thorough forensics investigation to achieve a complete understanding of the full scope and any potential impact to its operations before fully reintegrating the compromised systems back into daily use. This cautious approach was taken to ensure the network was completely secure and any latent threats were eradicated.

The investigation into the attack involved multiple agencies. The FBI provided assistance, though the bureau did not publicly offer specific details regarding its role or findings. Other county networks, which operate on systems separate from those of the sheriff’s department, were confirmed to be unaffected by the disruption. This isolation prevented the incident from spreading to other parts of the county's government infrastructure. The event was part of a broader trend of increasingly prevalent cyberattacks targeting local government entities across the United States, highlighting the vulnerability of critical public sector infrastructure to such threats. The financial and operational costs of these incidents on law enforcement agencies and the communities they serve were noted to be substantial.
