Cyber Incident Victim: Fort Collins Loveland Water District
Date: Feb 2019
Location: United States of America
Summary
A Northern Colorado utility experienced a ransomware attack that locked employees out of technical and engineering data, including critical drawings stored on their systems. The attackers demanded an undisclosed ransom, which the organization refused to pay, opting instead to restore access independently within approximately three weeks; this incident marked the second ransomware attack affecting the utility within a two-year period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 11, 2019, employees of the Fort Collins Loveland Water District and South Fort Collins Sanitation District discovered they were locked out of technical and engineering data, drawings, and computer systems upon arriving at work. The districts had been targeted by a ransomware attack, with hackers encrypting critical operational data and demanding payment to restore access. General Manager Chris Matkins confirmed this was the second ransomware incident affecting the utilities within a two-year period. The attackers explicitly held the data hostage, though Matkins declined to disclose the ransom amount or the payment method demanded, stating such details had no bearing on their response strategy. The immediate operational impact centered on the loss of access to essential engineering documents and technical records required for daily functions. No information was provided regarding the initial intrusion vector, duration of system compromise prior to detection, or whether customer data or external systems were affected.

The organizations did not consider paying the ransom and instead pursued independent recovery efforts. Within approximately three weeks of the attack, technicians successfully restored access to the encrypted data without capitulating to the attackers' demands. Matkins did not elaborate on the specific technical methods used to regain access or whether backups facilitated the restoration. The incident caused operational disruption during the three-week recovery period, though the full scope of financial or service-delivery impacts was not quantified in available reports. The resolution demonstrated the districts' ability to recover from the attack without paying the ransom, though recurring vulnerabilities were evident given the prior incident within the same two-year period.
