Cyber Incident Victim: City of Farmington
Date: Jan 2018
Location: United States of America
Summary
The City of Farmington experienced a SamSam ransomware attack that encrypted business operations computers and demanded a ransom of 3 bitcoin (over $35,000). Following FBI guidance, the municipality recovered encrypted data without paying the ransom. Critical infrastructure including public safety services, electric utility operations, email systems, and public administration networks remained unaffected, with no extraction of customer or employee personal information. While electronic bill payment and records processing services were temporarily disrupted, most customer-facing business systems were restored. The incident prompted collaboration with federal investigators to determine the attack's origin and a review of security protocols through external contractors. Ransomware impacts were contained without compromising essential services or sensitive data.
Description
On January 3, 2018, the City of Farmington experienced a ransomware attack that disrupted municipal computer systems. A variant of SamSam ransomware encrypted files across many business operations computers, displaying messages demanding payment of 3 bitcoin (approximately $35,000 at the time) to restore access. The attack specifically targeted business systems supporting customer service operations, forcing the shutdown of electronic bill payment services and records processing functions. City Manager Rob Mayes confirmed the FBI advised against paying the ransom. While the ransomware encrypted files, it did not compromise public administration systems, electric utility operations infrastructure, or city email services. No customer or employee personal information was extracted during the incident, and public safety services continued without interruption throughout the event.

The city initiated recovery efforts immediately following the attack, restoring nearly all affected business systems related to customer service operations. Through undisclosed technical means, Farmington recovered the encrypted data without paying the ransom. Concurrently, the city collaborated with the FBI to investigate the attack's origin and methodology, while contracting external cybersecurity experts to review existing security protocols. Operational impacts were contained primarily to temporary disruptions in electronic payment processing and records management. The incident prompted public awareness efforts through press releases highlighting global ransomware trends, including 2016 FBI Internet Crime Complaint Center statistics documenting 2,673 ransomware cases causing $2.4 million in losses. Municipal operations returned to normal following system restoration, with no reported residual effects on critical infrastructure or data integrity.
