Cyber Incident Victim: Genesee County
Date:
Apr 2019
Location:
United States of America
Summary
A ransomware attack disrupted operations in Genesee County, Michigan, forcing a shutdown of computer systems and causing widespread service outages that hindered payment processing and other critical functions. Communication was limited to phone contact after email systems were compromised, with restoration efforts proving more complex than anticipated due to the attack's extensive scope. Officials worked to gradually restore services, prioritizing email before addressing other affected systems, though full recovery took longer than initially projected. The county confirmed no data compromise occurred and stated no ransom was paid, while involving the FBI and Michigan State Police to investigate the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around April 1, 2019, Genesee County, Michigan, experienced a ransomware attack that disrupted county operations. The attack compromised the county's email systems, forcing officials to shut down computer networks to contain the damage and begin restoration efforts. This immediate response led to widespread service outages, with the county unable to process payments or perform computer-dependent tasks. Physical signs were posted at county facilities informing the public of these limitations. Initial recovery projections proved overly optimistic, as officials acknowledged by April 3 that the attack's scope exceeded early assessments, complicating restoration efforts. The county prioritized email system recovery first, aiming to restore this service by April 4 before addressing other affected systems.
County administrators worked continuously with external partners to restore operations, targeting a return to normal functionality by the following Monday. Throughout the incident, officials maintained that no sensitive data was compromised and emphasized they did not pay any ransom. The FBI and Michigan State Police were engaged to investigate the breach, though authorities acknowledged the inherent challenges in identifying perpetrators common to ransomware cases. Public updates were disseminated via the Genesee County Board of Commissioners Facebook page, describing the situation as fluid while documenting incremental progress in system restoration over multiple days following the initial attack.