Cyber Incident Victim: City of Tarrant
Date:
Feb 2025
Location:
United States of America
Summary
A ransomware attack targeted the police department's systems in an attempt to extort payment, but the city refused to comply. IT contractors successfully isolated and shut down the affected server, performed repairs, and restored services while maintaining other essential operations like record searches through segregated departmental servers. The incident temporarily forced the police department to use paper reports for filings. Officials confirmed no citywide disruption occurred due to decentralized server infrastructure but acknowledged ongoing investigations into the breach's origin. Public communications initially indicated broader system shutdowns, contrasting with later assessments of contained impact.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 10, 2025, the City of Tarrant, Alabama, experienced a ransomware attack targeting its police department's computer systems. Cybercriminals attempted to extort money from the municipality by compromising the police department's server infrastructure. Police Chief Wendell Major confirmed the incident and stated that city IT contractors immediately enacted established protocols to contain the threat. Responders took the affected server offline to isolate the attack, performed necessary repairs, and restored operational services without paying the ransom demand. The containment strategy prevented citywide disruption because major departments like police operated on separate servers. While essential functions such as law enforcement record searches remained available, the police department temporarily reverted to filing paper reports due to the server takedown. Chief Major emphasized the importance of preparedness but acknowledged the investigation into the attack vector remained ongoing, stating, "We don't know yet how it happened. We just shut it down." This response contrasted with an official city social media post claiming all municipal systems had been shut down, though no other departmental impacts were substantiated. Efforts to contact Mayor Wayman Newton for additional clarification were unsuccessful at the time of reporting.
The incident caused limited operational disruption compared to the severe 2024 ransomware attack on Birmingham, Alabama, which had crippled law enforcement capabilities like stolen vehicle checks and warrant verification. In Tarrant, the primary documented consequence was the police department's temporary reliance on manual reporting processes during system restoration. Chief Major confirmed no other critical services or interdepartmental systems were compromised, crediting segmented server architecture with containing the damage. No evidence emerged of data exfiltration or secondary impacts on payroll, public safety databases, or resident information. The city continued investigating the breach's origin while reactivating systems, with no public disclosure of specific malware variants or ransom amounts. Social media announcements indicating broader outages were not corroborated by operational details from the police chief or evidence of cascading failures. Tarrant avoided the prolonged recovery and systemic vulnerabilities experienced during Birmingham's incident, maintaining baseline law enforcement functions throughout the disruption.