Cyber Incident Victim: City of Cornelia
Date: Oct 2019
Location: United States of America
Summary
A ransomware attack targeted the city's computerized billing system, causing a day of operational disruption and lost productivity. The city restored operations from the prior day's off-site backups without paying a ransom. It was the third such incident within the year. Prior weaknesses included reliance on an unsupported, decade-old firewall and, until recent staffing changes, on contracted offsite IT support. In response, the city invested approximately $30,000 in firewall upgrades with five years of software support and expanded its IT capabilities to mitigate future threats.
Description
A ransomware attack targeted the City of Cornelia's computerized billing system around October 2, 2019, marking the third such incident against the city that year. The attack disrupted municipal operations, causing a full day of lost productivity as systems became inoperable. City Manager Donald Anderson confirmed the incident did not escalate to a ransom payment scenario, contrasting it with Atlanta's high-profile 2018 ransomware crisis. Municipal staff restored operations using off-site backups from the day preceding the attack, enabling full recovery without negotiating with attackers. The disruption primarily affected billing operations, though the article does not specify whether other systems or data integrity suffered secondary impacts. No resident data compromise or financial losses beyond operational downtime were explicitly reported. This incident followed two previous ransomware attacks against Cornelia earlier in 2019, though details of those prior events remain unspecified in available reporting.

Cornelia's response included immediate infrastructure upgrades, revealing systemic vulnerabilities in its IT environment. Until approximately 12-18 months before the attack, the city lacked dedicated IT staff, relying solely on offsite contractors for technology support. The compromised network depended on a firewall over ten years old that no longer received security updates or vendor support due to its obsolete status. Post-incident, city officials approved a $30,000 investment for a new firewall system, including software licenses and five years of technical support. They also established a full-time IT position to strengthen network oversight, addressing previously identified staffing gaps. These measures aimed to prevent recurrence despite Cornelia's modest population of 4,160 residents and corresponding budgetary constraints. The effective use of recent backups during recovery demonstrated existing disaster preparedness measures that mitigated potential damage from the encryption attack.
