Cyber Incident Victim: City of Independence
Date:
Dec 2020
Location:
United States of America
Summary
A ransomware attack disrupted multiple services in the City of Independence, Missouri, after malicious activity prompted a voluntary shutdown of IT systems to contain the incident. The attack compromised the utility billing system, causing delays in sending bills and processing online payments, though late fees were waived for affected residents. Recovery efforts involved restoring encrypted machines from backups and conducting system scans, while officials investigated potential data theft of resident and employee information—a common tactic in modern ransomware operations involving double-extortion strategies. No ransomware group claimed responsibility for the incident at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early December 2020, the City of Independence, Missouri, experienced a ransomware attack that disrupted municipal operations and prompted an immediate shutdown of its IT systems. City Manager Zach Walker confirmed the incident after malicious activity was detected, stating the attack was halted before it could compromise the entire city network. Upon identifying the threat, administrators proactively took all systems offline to contain potential damage, a decision that inadvertently affected critical infrastructure. The utility billing system was among the components compromised during this emergency isolation process. Recovery efforts involved comprehensive system scans and the restoration of encrypted machines from backups, prolonging service interruptions across multiple departments. These disruptions delayed the issuance of utility bills and temporarily disabled online payment processing, directly impacting residents' ability to settle accounts through digital channels. The city suspended late fees for affected customers as a compensatory measure for the billing delays caused by the attack.
While restoration work continued, officials launched an investigation to determine whether attackers exfiltrated sensitive data belonging to residents and employees prior to encryption. Walker acknowledged the prevalence of double-extortion tactics in modern ransomware operations, where threat actors steal unencrypted files before deploying malware and later threaten to leak the data unless ransoms are paid. No ransomware group claimed responsibility for the Independence attack during the initial disclosure period. The city maintained operational focus on system recovery and impact assessment without publicly disclosing specific technical details about the ransomware variant, initial attack vector, or financial demands. Service restoration timelines remained undefined in the immediate aftermath as technicians worked to validate backup integrity and ensure systems could be safely brought back online.