Cyber Incident Victim: Clay County
Date:
Jul 2024
Location:
United States of America
Summary
A ransomware attack attributed to the BlackSuit group, linked to Russian cybercrime operations, disrupted Clay County Courthouse systems, prompting immediate isolation of affected infrastructure and temporary closure of courthouse offices, courts, and health department services. Critical emergency services including the Sheriff's Department and 911 dispatch remained operational despite initial non-emergency line disruptions. Recovery efforts involve collaboration with cybersecurity experts and federal authorities to restore systems and assess potential data exposure, though no confirmed data compromise has been identified. Court proceedings were suspended, requiring affected individuals to reschedule appearances through alternative communication channels while county offices outside the courthouse resumed normal operations. The incident mirrors recent attacks on neighboring jurisdictions, highlighting persistent regional cybersecurity threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
A ransomware attack compromised Clay County Courthouse systems shortly after midnight on July 9, 2024, prompting immediate mitigation efforts by county officials. Preliminary investigations indicated the incident involved data encryption and disrupted access to critical systems, including electronic connections with state partners. The Clay County Commissioners isolated affected systems, engaged cybersecurity professionals, and reported the incident to law enforcement and federal authorities. Courthouse operations—including the Prosecutor’s Office, Circuit Court, and Superior Court—were suspended by 2:00 PM that day, with closures extending through July 10. Legal proceedings scheduled for July 9–10 were postponed, requiring affected individuals to contact courts on July 11 for rescheduling instructions. Non-courthouse offices, including the Sheriff’s Department, 911 Dispatch, Highway Department, Extension Office, and WIC office, remained operational despite initial non-emergency line disruptions that were later resolved. Emergency services, including 911, were unaffected throughout the incident.
County officials characterized the attack as part of a broader pattern involving BlackSuit ransomware, which cybersecurity analysts link to Russian and Eastern European cybercrime groups historically associated with Conti and Royal ransomware operations. Recovery complexities necessitated prolonged courthouse closures, with a reevaluation planned for July 22 and contingency updates promised by July 12. The county prioritized transparency through press releases and social media updates via the Clay County Emergency Management Facebook page. No evidence of personal data compromise was identified during initial assessments, though forensic investigations remained ongoing. The Commissioners committed to system enhancements to prevent future attacks, acknowledging operational disruptions while emphasizing collaboration with external experts to restore services. Next steps included a detailed update by July 19, 2024, as restoration efforts continued without public disclosure of ransom demands or payment status.