Cyber Incident Victim: Southampton County
Date: Sep 2022
Location: United States of America
Summary
A Virginia county experienced a ransomware attack where threat actors breached a server, encrypted stored data, and potentially accessed sensitive personal information including names, addresses, driver’s license numbers, and Social Security numbers. The attackers, later identified as the LockBit 3.0 gang, claimed responsibility and posted a stolen W-2 form online while advertising access to additional data for a ransom. Although the county found no conclusive evidence of data exfiltration beyond the W-2, it notified affected individuals and offered free credit monitoring as a precaution. The gang’s leak site displayed folder names from the compromised systems alongside options to purchase data destruction or download capabilities.
Description
Southampton County, Virginia, identified a ransomware attack in September 2022 when an unauthorized actor accessed a county server and encrypted stored data. The county implemented immediate containment measures upon discovery and initiated an investigation to assess potential data compromise. Forensic analysis determined that personal information—including names, addresses, driver’s license numbers, and Social Security numbers—residing on the affected server was at risk of exposure. While no definitive evidence confirmed data exfiltration, the county proactively notified impacted individuals via mailed letters submitted to the Montana Attorney General’s office. These notifications, sent in November 2022, offered complimentary credit monitoring services as a precautionary measure. The compromised server contained archived county records, though specific departmental systems or operational infrastructure beyond this server were not detailed in public disclosures.

The LockBit 3.0 ransomware group claimed responsibility for the attack, advertising it on their Tor-based leak site in September 2022. Their post included screenshots displaying folder names allegedly stolen from county systems and featured two interactive options: a “destroy all information” button and a “download data at any moment” button, both priced at $90,000. Southampton County confirmed partial data theft after a single W-2 form appeared on dark web platforms, with attackers asserting broader exfiltration of sensitive data from the encrypted server. No evidence suggested additional leaks beyond this W-2 form at the time of public reporting. The county completed recovery efforts prior to the dark web disclosure but maintained ongoing monitoring for further data exposure.
