Cyber Incident Victim: Union County, NJ
Date:
Nov 2019
Location:
United States of America
Summary
A cyberattack disrupted email systems for Union County government employees, with service restored after approximately two days. The incident did not compromise personal information, and essential operations including emergency dispatch and public website access remained functional despite limited interruptions. Response efforts were coordinated by the county's cybersecurity consultant, though it remains unclear whether any ransom payment occurred or how email functionality was specifically recovered. The attack coincided with a separate ransomware incident affecting another New Jersey municipality, which reported no data loss or ransom demands.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyberattack on Union County, New Jersey, began at approximately 6:00 a.m. on Tuesday, November 12, 2019, disrupting employee email systems. County spokeswoman Tina Casey confirmed email service was restored by Thursday morning, November 14, though some officials reported intermittent email access issues throughout the incident period. The attack specifically targeted internal email communications, with some employees discovering delayed message deliveries after restoration. Union County maintained public access to its website with only limited interruptions and ensured critical operations like emergency dispatch services continued without disruption. No evidence indicated compromise of personal data or alteration/destruction of server information. The county engaged its cybersecurity consultant, SpinCube, to coordinate the incident response. SpinCube's Jersey City office declined to provide technical details regarding restoration methods or potential ransom demands when contacted by media. The FBI Newark Field Office similarly declined comment on its involvement or investigation status. Union County officials could not confirm whether the attack shared characteristics with the contemporaneous ransomware incident in Dover, Morris County.
Dover's separate attack began earlier, on Saturday, November 9, but remained undetected until Tuesday due to the Veterans Day holiday weekend. Dover officials identified the malware as Ryuk ransomware, though no ransom demand accompanied the infection. Municipal Business Administrator William Reyes stated their IT firm, Nisivoccia Consulting, eradicated the ransomware without payment and restored 50% of affected computers (20 total) by the time of reporting. The attack impacted Dover's municipal computer network and email functionality but did not alter or destroy server data. Concurrently, Union County's unresolved questions about attack vectors and remediation contrasted with Dover's clearer technical assessment. Both incidents occurred amid heightened FBI warnings about ransomware targeting New Jersey municipalities, exemplified by Newark's 2017 incident where Iranian hackers received $30,000 in Bitcoin. The attacks underscored operational vulnerabilities in local government IT infrastructure during holiday periods and the variability in ransomware tactics, ranging from overt financial demands to disruptive network incursions without explicit extortion attempts.