Cyber Incident Victim: Solano County Library
Date: Apr 2024
Location: United States of America
Summary
A cyberattack attributed to the Medusa ransomware group disrupted operations across Solano County Library's nine branches, disabling public internet access, WiFi, phone lines, and internal record-keeping systems, forcing staff to process transactions manually. The attackers demanded $100,000 to prevent the release of 85 GB of stolen data, which potentially includes employee information, and have already leaked some files on the dark web. County officials engaged specialists to investigate the breach and restore systems, confirming no spread to other county infrastructure, though recovery timelines remain unspecified. The incident mirrors Medusa's prior ransomware campaigns involving data extortion and public leaks of sensitive institutional records.
Description
A cyberattack disrupted Solano County Library's computer systems on or before April 5, 2024, causing widespread operational failures across its nine branches in Dixon, Fairfield, Suisun City, Rio Vista, Vacaville, and Vallejo. The attack disabled public internet access, WiFi services, internal record-keeping systems, and phone lines, forcing staff to manually process book loans with paper slips. The library announced the outage publicly through a Facebook post on April 5, confirming all locations were affected. Solano County Registrar of Voters CIO Tim Flanagan described the incident as "unexpected activity" that disrupted specific systems, though he confirmed no evidence of spread to other county infrastructure. By April 8, systems remained offline with no restoration timeline. Three sources attributed the outage to a ransomware attack, with one reporting a printer-generated message stating, "you have been penetrated by Medusa."

The Medusa ransomware group claimed responsibility, demanding $100,000 by the end of the week to prevent the release of 85 GB of stolen data, part of which they leaked on a dark web site. While the exact contents were unspecified, officials acknowledged potential exposure of sensitive employee information. Flanagan stated the county engaged computer specialists to investigate the attack’s origin and impacts, with no conclusions yet disclosed. For context, Cybernews noted that Medusa targeted 119 U.S. systems in 2023, including three school districts, while a Minneapolis attack by the group exposed teacher misconduct records and student psychological reports. The library incident mirrored a 2023 Oakland ransomware attack in which leaked employee data, intern records, and resident claims led to lawsuits. Solano County’s investigation and recovery efforts remained ongoing as of the latest reports.
