Illinois county government and local college hit by ransomware attacks


An Illinois county on the Iowa border is the latest local government in the United States to fall victim to a ransomware attack.

Henry County has been dealing with a large-scale cyberattack since March 18, Henry County Office of Emergency Management (OEM) Director Mat Schnepple confirmed to Recorded Future News.

County leaders were alerted to the attack Monday and shut down access to several affected systems. The county’s incident response team partnered with an outside firm to begin an investigation into the attack.

“Since then, multiple government and law enforcement cybersecurity agencies have been mobilized, contributing to the county’s response and conducting a multidisciplinary investigation,” Schnepple said.

“While the investigation into this incident and related recovery and restoration efforts continue, the County has made incremental but significant progress in bringing systems safely back online. In the meantime, Henry County is leveraging pre-established operational continuity measures to provide essential services.”

Schnepple added that the county is still able to receive 911 calls and dispatch emergency services despite the attack.

He did not respond to questions about whether the hackers had identified themselves or whether a ransom would be paid. The county has a population of about 50,000 and is about two hours from Cedar Rapids, Iowa.

The Medusa ransomware gang claimed credit for the attack on Thursday afternoon, giving the county eight days to pay a $500,000 ransom.

The ransomware group has become more sophisticated since its emergence in 2023, launching attacks against an Italian company that provides drinking water to nearly half a million people, one of the largest school districts in Minnesota, the French town of Sartrouville, a Tongan public enterprise telecommunications company and, more recently, the government agency that manages the Philippines’ universal healthcare system.

The gang made headlines in the fall for an attack on Toyota and a technology company created by two of Canada’s largest banks. In January, they tried to extort Water for People, a non-profit organization that aims to improve access to drinking water.

The Henry County attack caps a series of incidents involving U.S. local governments, including Jacksonville Beach, Pensacola, Birmingham and more.

Brett Callow, a threat analyst at Emsisoft and a ransomware expert who tracks attacks on governments and educational institutions, said it’s difficult to know whether the numbers are increasing or decreasing because there are ups and downs throughout the year and some incidents do not come to light until weeks, or even months, later.

Despite the intense law enforcement surveillance that accompanies attacks on government organizations, the groups still appear to view them as attractive targets.

“The fact that governments are still being targeted indicates either that there is a return on investment in attacking them, or that cybercriminals believe there is,” Callow said.

Monmouth College ransomware attack

About 30 minutes from Henry County, Monmouth College in Illinois announced a ransomware attack this week that occurred during the holiday season.

In a notice filed with regulators in Maine and California, Monmouth said it suffered a ransomware attack on December 14.

An investigation revealed that the hackers had access to the school’s systems starting on December 6.

A total of 44,737 people were affected by the incident, and hackers gained access to driver’s licenses and ID cards, among a host of other information. Victims are offered a year of identity protection services.

“Unfortunately, these types of incidents are becoming more common and organizations with some of the most sophisticated IT infrastructure available continue to be affected,” the school said in letters to victims.
