Cyber Incident Victim: Pottawatomie County

Date: Sep 2021

Location: United States of America

Summary

A Kansas county experienced a cyber attack that encrypted multiple servers, disrupting access to numerous daily operational systems. The incident was detected by county IT staff, though the specific compromised systems were not publicly disclosed. Essential emergency services, including 911, fire response, EMS, and sheriff’s office operations, remained unaffected during the breach. Officials continued assessing the full scope of the intrusion and its impacts on other county functions following the discovery.

Description

On September 17, 2021, Pottawatomie County, Kansas, experienced a cyber attack discovered by county IT staff during active intrusion activity. The attack resulted in the encryption of multiple servers, disrupting access to numerous daily operational systems across the county government. While officials confirmed the encryption’s impact on server functionality, they did not publicly identify the specific compromised systems or departments affected beyond noting the broad disruption. The incident prompted immediate assessment efforts to determine the full scope of the compromise, including which data or services might have been rendered inaccessible or exfiltrated. Initial investigations revealed that critical emergency services—including 911 dispatch, fire departments, emergency medical services (EMS), and the Sheriff’s Office—remained operational without apparent disruption. No evidence suggested these essential functions experienced downtime or data loss due to the attack. The county’s public information officer, Becky Ryan, formally acknowledged the breach but did not disclose technical details about the attack vector, malware type, or threat actor responsible.

County officials initiated containment procedures upon detecting the attack, though the disclosure did not specify the technical remediation steps taken. Recovery efforts focused on restoring encrypted systems while maintaining continuity for emergency services. Public communications emphasized operational resilience for life-saving infrastructure but withheld specifics about non-essential systems under restoration. The county did not release information regarding data theft, ransomware demands, or whether external cybersecurity firms or law enforcement agencies assisted in the response. As of the reporting date, the investigation remained ongoing, with officials continuing to evaluate the attack’s duration, entry points, and total operational or financial impacts. No further updates regarding data exposure, recovery timelines, or forensic conclusions were provided in the sourced disclosure.
