Fraud Management & Cybercrime , Ransomware

After Ransomware Hits, County Declares State of Emergency

Missouri County Blames Ransomware for IT Outages; Special Election Not Disrupted
After Ransomware Hits, County Declares State of Emergency
The Jackson County Courthouse in Independence, Mo. (Image: Shutterstock)

The Missouri county of Jackson County, Missouri declared a state of emergency after being hit by ransomware on the day of a special election.

See Also: Every Second Counts: 6-Step Ransomware Remediation Guide

Officials on Tuesday first warned residents the county was responding to a "potential ransomware attack" in the wake of multiple unexplained IT outages. The county, which has seats in both Independence and Kansas City, has more than 700,000 residents.

Jackson County Executive Frank White Jr. confirmed in a Facebook post that the IT disruption is ransomware that infected multiple county systems. He declared a state of emergency "as a proactive measure" and said remediation was already underway.

"The investments we've made in our cybersecurity infrastructure have significantly reduced our vulnerability to such attacks and have fortified our ability to respond effectively," White said in a statement. "Our IT department's prompt detection and response underline the value of our ongoing commitment to cybersecurity."

County officials said they brought in third-party cybersecurity experts and law enforcement to probe the incident. Investigators said that at least so far, they've found no signs that attackers stole any data. Because the investigation remains active, authorities said they cannot yet share full details about the intrusion.

A cornerstone of the county's cybersecurity strategy is that it stores no "sensitive financial information" on any of its systems, officials said. Instead, the county outsources the handling and processing of all such data to a Kansas City-based service provider called PayIt. The company's government services platform handles various types of processing and payments for the county, including for property taxes and marriage licenses.

PayIt said in a statement that its systems weren't breached in any way by attackers. The company said its infrastructure "is hosted completely outside Jackson County systems."

News of the Jackson County outage first surfaced Tuesday morning, when officials reported via Facebook: "This morning we found that our systems are down throughout county offices. We are working to fix the issue."

Officials later said in a press release: "Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack."

The county said that systems known to be disrupted "so far include tax payments and online property, marriage license and inmate searches." As a result, county officials ordered all Assessment, Collection and Recorder of Deeds offices to close. Later on Tuesday, they said the closures will likely continue until the end of the week.

County officials said the Kansas City Board of Elections and the Jackson County Board of Elections weren't disrupted by the ransomware attack and that the special election proceeded as planned. In it, voters rejected by 58% to 42% a ballot initiative to create a 40-year sales tax that would have helped pay for the construction of a new Kansas City Royals baseball stadium downtown and the renovation of an existing stadium used by the Kansas City Chiefs football team.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.