Cyber Incident Victim: North Kingstown
Date: Jan 2024
Location: United States of America
Summary
A cyberattack disrupted government operations in Washington County, forcing a shutdown of the main computer server and halting email access, electronic document filing, and other server-dependent services, though emergency systems like 911 remained functional. The county paid a $350,000 ransom to alleged Russian hackers using American Rescue Plan funds. The payment was approved in emergency meetings because of the criminals' deadline, amid disagreement among commissioners over the ethics of the decision and whether it would encourage future attacks. Officials cited the risk of exposing sensitive data, including records of abused or abducted children, as a key factor in paying; approximately 80% of systems were restored following the payment, while operations temporarily relied on manual processes during the outage.
Description
A cyberattack disrupted Washington County, Pennsylvania's government operations beginning in January 2024, when hackers compromised the county's main computer server. The attack forced a complete shutdown of all county activities dependent on this system, including email access and electronic document filing. Officials first detected the breach on Wednesday, January 24, when IT staff alerted County Commissioner Nick Sherman to a phishing scheme, prompting immediate system isolation. Homeland Security initiated an investigation into the incident. Critical emergency services—including the 911 call center and emergency management systems—remained operational due to protective firewalls segregating them from the compromised network. Court functions continued using manual, paper-based processes as an alternative to disabled digital systems, significantly slowing operations. Residents experienced widespread disruptions, such as Cody Polfus-Banaszak's postponed record expungement appointment. Commissioner Sherman acknowledged the attack caused "massive inconvenience" but emphasized protecting sensitive county and resident data as the priority. No restoration timeline was initially provided.

The incident escalated when investigators confirmed hackers—allegedly Russian cybercriminals—had exfiltrated sensitive data, including records of children receiving county services for abuse, abduction, or severe needs. Facing a February 6 deadline set by the attackers, county commissioners held emergency meetings authorized under Pennsylvania's Sunshine Act provisions for urgent threats. On February 6, a 2-1 vote authorized spending up to $400,000 from American Rescue Plan funds, covering the $350,000 ransom and approximately $20,000 for a payment intermediary service. Commissioner Larry Maggi dissented, calling the payment "repugnant" and warning it incentivized future attacks. Board Chairman Sherman defended the decision, stating the risk of exposing vulnerable children's data on the dark web justified payment despite ethical concerns. County Solicitor Gary Sweat described the attack as "paralyzing all county operations" and noted the urgency stemmed from the criminals' 3:30 p.m. deadline that day. Following the payment, county systems were 80% restored by the time of the February 24 report. The ransomware group's identity and full data recovery status remained undisclosed.
