Cyber Incident Victim: Bernalillo County
Date: Jan 2022
Location: United States of America
Summary
A ransomware attack disrupted Bernalillo County government operations, forcing closures of public offices and limiting employee access to critical databases. Emergency services including 911, the Sheriff’s Office, and Fire and Rescue remained operational using backup contingencies, while other departments like community centers and behavioral health relied on contingency plans. The county took affected systems offline, severed network connections, and engaged vendors and law enforcement to investigate and restore functionality. Tax payments remained accessible through a separate portal, but most websites were offline and detention center visits were canceled. The specific ransomware strain and initial attack vector were unidentified at the time of reporting.
Description
On January 5, 2022, Bernalillo County government systems experienced a disruptive ransomware attack discovered between midnight and 5:30 a.m. local time, prompting immediate operational shutdowns across multiple municipalities. County officials took impacted IT systems offline and severed network connections to contain the intrusion, which primarily blocked employee access to government databases and crippled public-facing operations. All county government buildings and public offices in Albuquerque, Los Ranchos, and Tijeras closed early Wednesday, with officials anticipating closures extending through Thursday and the remainder of the week. Critical public safety services including 911 dispatch, the Sheriff’s Office, and Fire and Rescue maintained normal operations using backup contingency plans, while the Metropolitan Detention Center suspended all visitation. Community centers, Planning and Development Services, and Behavioral Health departments continued limited operations without database access. The Treasurer’s Office remained partially functional for tax payments through a separate online portal, though all county websites went offline due to the attack.

County employees transitioned to remote work where possible to assist the public within operational constraints, while technical teams collaborated with external vendors to restore systems. Officials engaged law enforcement agencies to investigate the incident, though the ransomware variant and initial attack vector remained unidentified. The incident disrupted routine government services reliant on database access but avoided broader societal impacts through contingency measures for essential functions. Bernalillo County committed to providing ongoing public updates as restoration efforts progressed, mirroring responses seen in previous municipal ransomware incidents affecting cities like Atlanta and Baltimore. No ransom demands or data exfiltration claims were disclosed in the initial reports, with containment efforts focused on system isolation and recovery coordination.
