Cyber Incident Victim: Vigo County

On July 23, 2019, Vigo County, Indiana, experienced a ransomware attack affecting its computer systems. County officials, including Commissioner Judith Anderson, were notified of the incident early that Tuesday. The attack prompted an immediate investigation by the county to assess its scope and impact. Jeremy Snowden, the county’s Information Technology department director, confirmed the ransomware intrusion but stated the specific malware family remained unidentified at the time. Snowden clarified that no ransom demand or payment request had been received from the attackers. County operations were disrupted, though the exact nature and duration of the disruption were not detailed in initial reports. Commissioner Brad Anderson announced the county had engaged a cybersecurity firm to assist with forensic analysis and incident response. The collaboration aimed to determine the attack’s entry point, data compromise, and recovery options. No evidence suggested data exfiltration or secondary attacks beyond the encryption of systems.

The incident occurred amid a surge of ransomware attacks targeting U.S. municipalities in mid-2019. Earlier that July, multiple local governments, including Lake City and Riviera Beach in Florida, had paid ransoms exceeding $1 million combined to restore operations. In April 2019, Stuart City, Florida, refused payment after a Ryuk ransomware infection, while Jackson County, Georgia, paid $400,000 in March 2019 to decrypt systems paralyzed by the same ransomware variant. Vigo County’s response aligned with a broader pattern of local governments relying on external cybersecurity expertise during such crises. The investigation remained ongoing at the time of reporting, with no public confirmation of data loss or permanent system damage. Recovery efforts focused on restoring functionality without capitulating to ransom demands, reflecting a cautious approach given the unpredictable efficacy of paying attackers.