Cyber Incident Victim: Adams County Communication Center
Date: May 2023
Location: United States of America
Summary
The Adams County Communication Center (ADCOM911) was impacted by a ransomware incident. The attack disrupted its computer-aided dispatch and records management systems. Emergency services remained operational by utilizing established redundant systems and manual processes. Law enforcement and fire agencies within the county continued to receive and respond to all calls for service throughout the event. The investigation into the incident was initiated with the assistance of federal law enforcement partners.
Description
On May 4, 2023, the Adams County Communication Center, known as ADCOM911, was impacted by a ransomware incident. The Adams County Sheriff's Office publicly acknowledged the event on the same day through an official press release. The incident disrupted the normal operations of the emergency communication center, which is a critical component of the county's public safety infrastructure. The specific nature of the disruption involved the compromise of computer systems by malicious software designed to encrypt data and hold it for ransom.

In immediate response to the discovery of the incident, ADCOM911 initiated its emergency protocols to ensure the continuity of its essential services. All 911 telephone lines remained fully operational throughout the event, ensuring that the public retained the ability to request emergency assistance. This was a primary focus of the initial response efforts to safeguard life and property. The ability to receive emergency calls was maintained without interruption, and call-takers were able to process and dispatch these requests for service.
Concurrently, the non-emergency administrative phone lines for the Adams County Sheriff’s Office were taken offline as a direct containment measure. This action was taken to prevent the potential spread of the ransomware and to isolate the affected systems for investigation. The public was advised to utilize 911 for all law enforcement needs during this period, as the non-emergency lines were temporarily unavailable. This step was part of a broader effort to segregate compromised network segments from those critical to life-safety operations.
The investigation into the scope and origin of the attack was undertaken by the Adams County Sheriff's Office. This process involved digital forensics to determine the extent of the systems and data that were affected by the ransomware. The analysis aimed to identify the point of entry used by the attackers and the specific variant of ransomware deployed in the incident. The integrity of data housed within the compromised systems was a key area of focus for the investigation to ascertain what information may have been accessed or exfiltrated.
Operational impacts extended beyond phone lines. The computer-aided dispatch (CAD) system used by ADCOM911 was affected by the ransomware event. While the precise technical details of the CAD system disruption were not publicly elaborated upon, such systems are integral to the efficient logging and routing of emergency calls and the management of responder units. The impairment of this system necessitated the implementation of manual backup procedures to ensure that dispatchers could still effectively coordinate police, fire, and medical responses despite the technical outage.
The response to the incident involved a coordinated effort across multiple departments within Adams County. Law enforcement and emergency service personnel worked to mitigate the effects of the attack on their daily operations. The transition to manual processes, such as physically writing down incident details and communicating via radio, represented a return to foundational practices that were less reliant on vulnerable digital infrastructure. This shift ensured that response times for emergencies were maintained as effectively as possible under the circumstances.
There was no public indication that any personally identifiable information or other sensitive data was exfiltrated during the breach. The investigation focused on the operational disruption caused by the system encryption rather than a large-scale data theft. The primary consequence of the incident was the temporary degradation of internal administrative and dispatch capabilities, not the compromise of citizen data. The restoration of encrypted systems and data from secure backups became a recovery priority.
The recovery process involved efforts to cleanse impacted systems and restore data from uncontaminated backups. The presence of viable and recent backups is a critical component for recovering from a ransomware attack without capitulating to monetary demands. The process of verifying the integrity of backup data and systematically rebuilding infected systems is typically a meticulous and time-consuming operation to ensure no remnants of the malicious code remain that could cause a re-infection.
Public communication was managed through the Adams County Sheriff's Office official website. The press release served as the primary source of information for the community, providing confirmation of the event and guidance on how to contact emergency services. The communication strategy was factual and direct, aiming to inform the public without causing unnecessary alarm while simultaneously providing clear instructions on the temporary changes to non-emergency contact procedures. The disclosure emphasized the continued functionality of the 911 system above all else.
The incident required a sustained response over a period of time to fully eradicate the ransomware and restore all systems to their normal operational state. The duration of the complete recovery process was not specified in the available information. The restoration of non-emergency phone lines and the computer-aided dispatch system to fully automated functionality marked the conclusion of the incident response phase. The event underscored the vulnerabilities inherent in critical infrastructure and the importance of robust contingency planning for public safety agencies.
