Cyber Incident Victim: County of Spartanburg

On or around April 27, 2023, Spartanburg County, South Carolina, detected a ransomware attack on its computer network. The discovery of the malicious activity prompted an immediate response from county officials. The source of the attack was not identified at the time of discovery and remained unknown. Upon detection, the county began an investigation to restore normal operations and to determine the full scope and effects of the incident. The attack resulted in limited functionality for the county's IT and phone systems.

The Spartanburg County spokesperson, Kay Blackwell, confirmed the incident publicly. The county's IT Department engaged a third-party cybersecurity firm and forensic team to assist in the response. Law enforcement agencies, including the Federal Bureau of Investigation (FBI), were notified and became involved in the investigation and recovery efforts. The FBI acknowledged its notification of the attack but did not provide any additional details regarding its involvement. The county's stated top priority throughout the event was the safety and security of its residents and employees.

Despite the disruption to its computer network and phone systems, the county confirmed that all essential services continued to operate without interruption. This included 9-1-1 operations and emergency communications, which remained fully functional. To mitigate the impact of the phone system issues, state officials utilized social media platforms, specifically Twitter and Facebook, to provide the public with alternative phone numbers for several local government agencies. The South Carolina Judicial Branch confirmed that its systems were separate and had not been affected by the ransomware incident impacting the county.

The county's response efforts focused on testing and recovering the impacted systems. Recovery work was ongoing as of April 29, 2023. By Monday, May 1, systems within Spartanburg County were still experiencing impacts from the attack. The county continued to work with its cybersecurity consultants and forensic teams to address the issues. Public statements expressed gratitude for the community's patience and support while promising to keep residents informed as further updates became available.

The incident affected a county government serving a population of more than 327,000 residents. Members of the public expressed concern regarding the potential exposure of personal information, citing the possibility that attackers could have accessed identities, addresses, and phone numbers. The specific data accessed or exfiltrated during the attack was not detailed by county officials. No ransomware group claimed public responsibility for the attack on Spartanburg County.

This attack placed Spartanburg County among dozens of other local governments that have dealt with ransomware incidents. The targeting of poorly-resourced local governments across the United States has been a noted trend, with groups attacking small governments in various states including New Jersey, Colorado, Oregon, and New York throughout 2022. The attack on Spartanburg County in April 2023 occurred alongside other high-profile incidents targeting municipal governments early in the year, such as those affecting the cities of Oakland and Modesto in California. The U.S. Department of Justice has identified ransomware as a significant cybercrime threat impacting critical sectors including government, education, healthcare, and retail.