Cyber Incident Victim: Town of Dover, NJ
Date:
Nov 2019
Location:
United States of America
Summary
A cyberattack targeted municipal systems in Dover, Morris County, deploying Ryuk ransomware that disrupted network operations and email functionality. The town's IT consultants successfully removed the malware without paying a ransom, confirming no data alteration or destruction occurred. Concurrently, Union County experienced a separate email system compromise, later restored by cybersecurity personnel. Both incidents left essential services, including emergency dispatch, operational throughout and did not compromise personal information. Dover restored half of its affected computers while updating systems for enhanced protection, while Union County officials reported delayed email delivery during the outage. Investigations indicated no ransom demands were made to Dover despite ransomware identification, though full attribution remained unclear.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The cyber incident affecting the Town of Dover, New Jersey, began on Saturday, November 2, 2019, but remained undetected until the following Tuesday, November 5, due to the Veterans Day holiday weekend. Municipal computer systems were compromised by ransomware identified as "Ryuk," which disrupted the town's network operations and email communications. Officials confirmed the attack did not alter, destroy, or exfiltrate data from Dover’s servers, and critical services such as emergency dispatch remained operational throughout the incident. The ransomware impacted 20 municipal computers, rendering some employees unable to receive emails. An email notification received by the town indicated the presence of ransomware, though no specific ransom demand or payment instructions accompanied the message. Attackers did not attempt to extort money from the town during the incident.
Dover’s response was managed by its IT consulting firm, Nisivoccia Consulting, which successfully removed the Ryuk virus without paying any ransom. By the time officials publicly addressed the incident, half of the affected computers had been fully restored. The town initiated updates to its operating systems to strengthen defenses against future attacks. Business Administrator William Reyes emphasized that no personal information was compromised and attributed the delayed detection to the holiday closure. Recovery efforts focused on restoring email functionality and securing the network, with no reported collateral damage to other municipal systems or external agencies. The incident concluded with operational restoration and enhanced security measures under Nisivoccia’s oversight.