Cyber Incident Victim: Wood County
Date:
Dec 2024
Location:
United States of America
Summary
A ransomware attack disrupted emergency services in Wood County, Ohio, forcing dispatchers to use manual pen-and-paper methods after losing access to computer-aided dispatch and records management systems. While 911 operations remained functional, the incident affected sheriff's office communications, jail operations, and police division access to historical records. County IT staff detected malicious network activity through firewall alerts, prompting collaboration with the FBI and cybersecurity consultants for system analysis and recovery. Officials confirmed public services were not compromised but acknowledged internal workflow disruptions across departments, adhering to guidance against ransom payments despite unspecified demands.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 9, 2024, Wood County, Ohio, discovered a ransomware attack that disrupted critical public safety systems. The incident began when the county’s IT department received early morning alerts from network firewalls indicating malicious activity. The attack primarily affected the Wood County Sheriff’s Office computer-aided dispatch system, impairing operations for emergency dispatchers, jails, and the Bowling Green Police Division. While 911 services and fire department communications remained functional, dispatchers resorted to manually recording calls using pen and paper due to inaccessibility of the county’s records management system. The Bowling Green Police Department, located in the county seat, also lost access to some historical police records. Jeff Klein, Wood County Emergency Management Agency director, noted the transition to manual processes was manageable for experienced staff familiar with pre-digital workflows. He emphasized that citizen-facing services were largely unaffected, though internal operations faced varying levels of disruption across departments.
County officials engaged the FBI and third-party cybersecurity consultants to analyze the compromised systems and conduct testing, as announced in a December 10 press release by the Wood County Commissioners’ Office. Klein stated he had not personally seen ransom demands but affirmed the county would adhere to CISA guidance discouraging ransom payments, citing concerns about incentivizing future attacks. The incident occurred approximately five months after Columbus, Ohio, sustained a separate cyberattack projected to cost millions in recovery expenses. No specific financial impact or data compromise details were disclosed for Wood County’s event. Operational continuity relied on legacy procedures while restoration efforts continued, with no reported degradation in emergency response capabilities despite the technological setbacks.