Cyber Incident Victim: City of Mt. Pleasant
Date: Oct 2020
Location: United States of America
Summary
The City of Mt. Pleasant experienced a remote ransomware attack compromising its computer and phone systems, detected on a Saturday morning. Officials confirmed the city's firewall remained secure during the incident and stated they would not pay any ransom demands. The attack disrupted municipal operations, prompting public notification through an official press release. No further details regarding data exfiltration or specific recovery measures were disclosed in the initial report.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Mt. Pleasant, Michigan, experienced a disruptive ransomware attack detected on the morning of Saturday, October 3, 2020. City officials confirmed the incident through a press release published on the municipal website, characterizing it as a remote ransomware attack compromising computer infrastructure and telephone systems. Initial detection occurred during weekend operations, though the precise intrusion vector and initial access timeframe remained unspecified in public communications. The city emphasized its firewall defenses remained intact throughout the incident, suggesting attackers potentially exploited other vulnerabilities or utilized compromised credentials to deploy ransomware payloads internally. Immediate response efforts focused on containment and assessment, though technical specifics regarding isolation procedures or forensic methodologies were not publicly disclosed. No operational downtime metrics or service disruption details were provided beyond the confirmed compromise of computers and phones, leaving the full operational impact undefined in available records.

Officials explicitly stated the city would not engage with threat actors or pay any ransom demands, reflecting a predetermined incident response policy against extortion payments. The declaration implied confidence in restoration capabilities through backups or other recovery mechanisms, though backup integrity and restoration timelines were not addressed in the press release or subsequent media coverage. Public reporting via NBC25 News and DataBreaches.net highlighted the attack's occurrence but did not identify the ransomware variant, associated threat actors, or specific data encryption scope beyond affected system categories. The incident underscored municipal vulnerability to remote cyber intrusions despite maintained perimeter defenses, with response priorities centering on system recovery and maintaining public transparency through official statements. No follow-up disclosures regarding investigation outcomes, total recovery duration, or financial impacts were identified in the sourced material following the initial announcement.
