Cyber Incident Victim: Town of Collierville
Date: Jul 2019
Location: United States of America
Summary
The Town of Collierville experienced a disruptive ransomware attack targeting its computer systems, which encrypted and blocked access to critical files, significantly impairing municipal operations. Officials publicly acknowledged the cyber incident and confirmed the compromise of internal infrastructure, but did not disclose specific operational impacts or whether data exfiltration occurred. The attack necessitated immediate response efforts to contain the malware's spread and restore affected services, though recovery timelines and potential data loss remained unclear at the initial disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 18, 2019, the Town of Collierville, Tennessee, experienced a disruptive ransomware attack targeting its computer systems. Town officials publicly confirmed the cyberattack on the morning of July 18 after discovering that ransomware had blocked access to an unspecified portion of municipal files. The attack compromised operational capabilities by restricting access to critical data, though the exact scope of encrypted systems and specific departmental impacts were not detailed in initial reports. No information was disclosed regarding the initial intrusion vector, malware variant, or whether attackers issued explicit ransom demands. The confirmation marked the town’s acknowledgment of an ongoing incident, though no timeline for detection or initial system compromise was provided.

The incident disrupted routine administrative functions by rendering certain files inaccessible, though emergency services and other essential operations were not explicitly reported as affected. Collierville officials did not describe immediate containment measures, forensic investigations, or communication with law enforcement agencies in the initial disclosure. Recovery timelines and data restoration methods remained unspecified, as did any potential data exfiltration or secondary impacts beyond file encryption. The public announcement focused solely on confirming the ransomware’s presence and its primary effect—blocking file access—without elaborating on operational continuity measures or long-term remediation plans. No further updates regarding financial losses, resident data exposure, or full service restoration were included in the available reporting.
