Illinois' Henry County takes systems offline following a Medusa ransomware attack

Henry County in the U.S state of Illinois said it suffered a significant cyber security incident that forced county officials to take several systems offline.

 

While reports about the data security incident came to light only recently, Recorded Future News said the cyber attack began on March 18 and forced senior County officials to take several systems offline to mitigate the spread of the attack and contain the situation.

 

The county’s incident response team also initiated an investigation with assistance from external cyber security experts to determine the nature and scope of the incident.

 

In a statement shared with the media, Mat Schnepple, director of the Emergency Management (OEM) office in Henry County, said, “Since that time, multiple law enforcement and government cyber security agencies have been engaged, assisting with the County’s response and leading a multidisciplinary investigation.

 

 

“While the investigation into this incident and the corresponding recovery and restoration efforts remain ongoing, the County has made incremental but important progress in bringing systems back online in a secure manner. In the interim, Henry County is leveraging pre established operational continuity measures to provide essential services.”

 

Schnepple added that the county’s emergency services including 911 and emergency dispatch are operational, despite the attack the county is going through. Also, records management systems and a helpline for reporting suspicious activities were not affected by the incident.

 

While the investigation is still ongoing, County officials do not believe that any sensitive personal confidential data was compromised in the cyber security incident.

 

The County is yet to issue a statement on who is behind the cyber attack or the nature of the incident. On March 21, the notorious Medusa ransomware group claimed responsibility for the cyber attack on the county and listed it as a victim on its data leak site.

 

The group demanded a ransom of $500,000 and gave the County a deadline of seven days to pay the ransom, failing which it threatened to publish the data online. The group also gave the County the option to increase the deadline by paying $10,000 for 24 hours or download the data by paying $500,000. It is not known if County officials have established contact with the ransomware group or paid a ransom.