A County in Indiana, US, has filed a disaster declaration following a ransomware attack on local government networks, which has prevented the administration of critical services.
Clay County made the declaration after confirming the incident has resulted in an inability to operate Clay County Courthouse and Clay County Probation/Community Corrections facilities.
The July 11 declaration will be in effect for seven days.
Clay County commissioners wrote: “We, the Clay County Board of Commissioners, declare that a local disaster emergency exists in the county and that we hereby invoke and declare those portions of the Indiana Code which are applicable to the conditions and have caused the issuance of this proclamation, to be in full force and effect in the county for the exercise of all necessary emergency authority for protection of the lives and property of the lives and property of the people of Clay County and the restoration of the local government with a minimum of interruption.”
The declaration was issued via the Clay County Emergency Management Agency Facebook page, with the Clay County government website remaining offline at the time of writing.
All public offices and employees of Clay County are required to cooperate with the Clay County Emergency Management Agency in the execution of emergency laws, regulations and directives, both state and local.
Clay County citizens are called upon to comply with all emergency measures, and cooperate with public officials and disaster service forces in executing emergency operations plans.
Suspected Russian Link
No group has so far been identified as being behind the attack, which was first detected on July 9.
However, in a press release issued via Indiana newspaper The Brazil Times on July 10, Clay County Commissioners revealed that a separate ransomware attack by a “Russia-linked cybercrime syndicate” had breached Monroe County, Indiana’s computer systems the previous week.
This attack crippled all county offices and local courts in Monroe County, “and something like it apparently attacked Clay County,” the Commissioners wrote.
The ‘Blacksuit’ ransomware variant was allegedly used in the attack on Monroe. Blacksuit is believed to be a rebranding of the Russia-based Royal ransomware operator.
Clay County has said it had taken a number of actions to mitigate the incident, including isolating affected systems to contain the attack and reaching out to external cybersecurity professionals to help its response efforts.
Surging Ransomware Attacks on Local Governments
The Clay County incident follows a swathe of other recent ransomware attacks on local government services in the US.
In February 2024, Fulton County, Georgia, confirmed that widespread disruptions to its IT systems was a result of a ransomware attack.
Jackson County, Missouri, reported significant disruptions within its IT systems due to a ransomware attack in April 2024, leading to a state of emergency being declared.
In June 2024, Cleveland, Ohio confirmed that city government systems were hit by a ransomware attack, causing the temporary closure of City Hall.
Cybersecurity researchers have observed surging ransomware attacks in 2024, with threat actors pivoting and new groups emerging following law enforcement takedowns of high-profile actors like LockBit.