Cyber Incident Victim: Butler County Sheriff's Office

Date: Dec 2020

Location: United States of America

Summary

A malware attack disrupted the Butler County Sheriff's Office operations, primarily affecting the Computer Aided Dispatch system and forcing dispatchers to use paper-based methods for approximately one week. Officials disconnected all systems, wiped every agency computer, and implemented heightened security protocols to prevent reinfection. While most functions were restored, email systems remained partially limited, requiring alternative methods for external communication. The incident did not compromise the county's broader network due to segregated systems, and ongoing assessments with third-party experts found no evidence of sensitive data exposure. The sheriff's office adjusted operations during the outage, with handwritten reports replacing digital field entries. County IT had previously conducted security evaluations and planned to bolster defenses, including hiring dedicated cybersecurity personnel.

Description

A malware attack disrupted operations at the Butler County Sheriff's Office in Ohio during the December 2020 holiday period, specifically impacting the Computer Aided Dispatch (CAD) system and related departmental functions. The incident forced officials to take immediate containment measures, including disconnecting all affected systems and initiating a comprehensive cleanup process. Chief Deputy Anthony Dwyer described implementing an "ultra-safe mode" where technical staff physically wiped every agency computer and any device that had connected to their network to eliminate potential malware remnants. While most systems resumed normal operations after this remediation, the email system required extended recovery efforts—staff temporarily used kiosks and cell phones for external communications while internal email functionality was partially restored. Dispatchers reverted to manual methods during the CAD outage, utilizing paper logs, wall charts, and maps to coordinate emergency responses for approximately one week. Field officers adapted by handwriting tickets and reports since electronic form submissions remained unavailable, with Ross Township Police Chief Burt Roberts noting the transition caused operational inconveniences but not critical service failures due to historical familiarity with analog processes.

The sheriff's office maintained network segregation from Butler County's primary systems, preventing broader countywide infrastructure compromise according to County Administrator Judi Boyko. Third-party cybersecurity experts assisted in forensic analysis to determine whether sensitive data was exfiltrated, though Dwyer reported no immediately concerning evidence of information theft during preliminary assessments. County IT Director Eric Fletcher referenced a pre-incident security assessment conducted in 2020, with plans accelerating to implement its recommendations—including creating a dedicated cyberanalyst position previously handled through distributed responsibilities. Butler County Job and Family Services confirmed its state-operated systems housing sensitive client data remained unaffected despite the sheriff's office breach. Operational disruptions remained localized to law enforcement functions, with no reported impacts on emergency response effectiveness despite prolonged technical recovery requirements for ancillary systems like email. County leadership acknowledged the attack underscored persistent cybersecurity challenges facing government entities, emphasizing ongoing efforts to cultivate security-first operational cultures alongside technological improvements.
