Cyber Incident Victim: City of Frankfurt
Date:
Mar 2021
Location:
United States of America
Summary
The City of Frankfort experienced a disruptive intrusion into its IT network, compromising access to multiple servers and rendering several internal systems temporarily unavailable. Anonymous sources indicated the incident involved a ransom demand, though the municipality's official statement confirmed only the unauthorized network breach and operational disruptions without explicitly acknowledging extortion attempts. The attack prompted an investigation and temporary shutdown of affected systems to mitigate further risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The City of Frankfort, Kentucky, discovered unauthorized access to its IT network on Sunday, March 21, 2021, according to a city announcement. Two anonymous sources with knowledge of the incident, including one city employee, independently disclosed to The State Journal that the intrusion involved a ransom demand against municipal systems. The city confirmed the breach in a press release issued on Tuesday, March 23, following media inquiries by the newspaper. Officials characterized the event as an intrusion that disrupted access to certain computer servers, rendering multiple internal systems temporarily unavailable for operational use. While the city’s statement did not explicitly acknowledge ransomware, the anonymous sources directly attributed the disruption to a ransom scenario.
Municipal operations experienced immediate technical disruptions, though the specific departments or services affected were not detailed in public communications. The city initiated response protocols to contain the incident, though the nature of these technical measures remained unspecified. No evidence of public safety system compromises or data exfiltration was disclosed at the time of the announcement. The press release served as the primary official acknowledgment, with no additional details provided regarding ransom demands, payment status, or attacker attribution. Recovery efforts were underway to restore system functionality, but the timeline for full restoration and the extent of data or financial impacts were not publicly established in the immediate aftermath.