Cyber Incident Victim: Licking County

On January 31, 2017, a ransomware infection disrupted government operations across Licking County, Ohio, with initial impacts reported late Tuesday night. The incident affected all county government offices, though some experienced indirect disruptions when IT personnel proactively shut down phone and computer systems to limit the malware’s spread. County officials confirmed the incident through multiple Facebook announcements, maintaining that offices would remain open despite the technical outage. Employees resorted to manual processes, including pen-and-paper record-keeping, for routine operations. Certain staff members in data-dependent roles were unable to perform their duties and were either sent home or reassigned to field work. The Newark Advocate documented these operational adjustments, highlighting the immediate productivity losses across departments.

The ransomware also compromised the computer network supporting Licking County’s 911 emergency services, though emergency phone lines remained functional on a separate system. This degradation forced dispatchers to work without digital tools, significantly hampering response efficiency. County representatives declined to disclose whether a ransom demand was received, the amount requested, or any intention to pay. Recovery methods—such as potential backup restoration versus system wiping and reinstallation—remained unconfirmed, as did the initial infection vector. The Licking County IT team collaborated with law enforcement, including the FBI, to investigate the attack. Separately, on February 2, 2017, the city of Troy, New York, disclosed an unrelated ransomware incident affecting its municipal systems, though no operational connection to the Licking County event was established.