Cyber Incident Victim: Port Lavaca City Hall
Date: Feb 2020
Location: United States of America
Summary
Port Lavaca City Hall experienced a Ryuk ransomware attack that infiltrated its email system, disrupting servers, billing, and auto-pay operations while leaving water, sewer, and police systems unaffected. Attackers encrypted files and demanded a $200,000 ransom, which the city refused, opting instead to restore systems internally at a cost nearing $50,000; officials reported the incident to the FBI and reverted to manual payment collection while rebuilding databases with state and federal assistance.
Description
The Ryuk ransomware attack on Port Lavaca City Hall occurred in February 2020, disrupting municipal operations after infiltrating the city’s email system. The malware encrypted files on the local government’s primary server, disabling critical functions including billing and auto-pay systems. City Manager William DiLibero confirmed the attack forced a regression to manual payment collection methods, requiring staff to process cash, checks, and credit card transactions in person at City Hall. Mayor Jack Whitlow emphasized no data theft occurred, but ransomware operators demanded $200,000 to decrypt the locked files. Municipal services unrelated to the compromised server—including water utilities, sewer systems, and police department operations—remained functional throughout the incident.

City officials declined the ransom demand and began restoration efforts at an initial cost of $50,000, prioritizing local workforce involvement over capitulating to attackers. Whitlow stated recovery would require significant time to rebuild databases and fully reinstate digital payment infrastructure. The incident was reported to the FBI for investigation, with coordination extending to unspecified state and federal agencies. While partial system functionality was restored promptly, data recovery processes continued beyond the initial containment phase. The attack’s operational impact persisted through the reactivation period, particularly affecting revenue collection workflows reliant on automated processing. No secondary infections or collateral damage to industrial control systems were reported, contrasting with contemporaneous Ryuk attacks on maritime infrastructure that disrupted physical access controls and cargo monitoring networks.
