Cyber Incident Victim: City of Albany

Date: Mar 2019

Location: United States of America

Summary

The City of Albany experienced a ransomware attack disrupting multiple municipal services, including birth, death, and marriage certificate processing, while city employees transitioned to manual operations for payroll and hour tracking. Police department systems were compromised, disabling access to scheduling, email, patrol car reporting tools, and overtime requests, potentially delaying emergency responses. Officials confirmed no evidence of personal data theft but offered optional credit monitoring to employees and continued assessing the attack's scope and financial impact without disclosing whether a ransom was paid. Critical infrastructure remained operational with modified public access to buildings and court services.

Description

On March 30, 2019, the City of Albany, New York, experienced a ransomware attack that disrupted municipal operations. City officials immediately initiated response efforts over that weekend, though the full scope of system damage remained unclear at the onset. A public advisory confirmed all city services would remain operational except for vital records processing – specifically birth, death, and marriage certificates. Municipal buildings opened at noon on Monday, April 1, with employees reporting as scheduled, while City Court maintained normal hours. Mayor Kathy Sheehan announced via Twitter that damage assessment was ongoing and pledged timely public updates, scheduling an April 1 press conference at City Hall for further details. The incident occurred amid a global surge in ransomware attacks, with contemporaneous incidents affecting entities like Norsk Hydro and Jackson County, Georgia, though no direct connection between these events was established in available reporting.

The attack significantly impaired police operations, as detailed in an April 1 Facebook post by Albany Police Officers Union Vice President Gregory McGee. Officers lost access to scheduling systems, departmental email, and internet-dependent programs, preventing shift visibility, time-off requests, and overtime logging. Patrol car computers were compromised, hindering incident report generation and potentially delaying emergency response times due to manual workarounds. During the April 1 press conference, Mayor Sheehan confirmed no evidence of personal data exfiltration but offered optional credit monitoring to employees. Payroll systems were confirmed impacted, requiring manual hour tracking. The city declined to disclose whether ransom payments were made and was still calculating financial impacts. IT monitoring systems initially alerted officials to anomalous activity, though the specific ransomware variant and initial attack vector were not publicly identified in source materials.
