Henry County and Illinois: Illinois county government, local college affected by ransomware attacks

Henry County, Illinois Hit by Medusa Ransomware Attack as Local Government Cyber Threats Persist

Henry County, Illinois, a border community of roughly 50,000 residents near Iowa, has been grappling with a ransomware attack since March 18, disrupting critical government systems. County officials detected the breach on Monday, March 18, prompting an immediate shutdown of affected networks. The incident response team, supported by an external cybersecurity firm, has since engaged multiple law enforcement and government agencies to investigate and mitigate the attack.

While recovery efforts remain ongoing, the county has restored some systems under secure protocols and activated operational continuity measures to maintain essential services, including 911 emergency response. Officials have not disclosed whether the attackers made ransom demands or if the county plans to pay.

On March 21, the Medusa ransomware gang claimed responsibility, issuing an eight-day ultimatum with a $500,000 ransom demand. The group, active since 2023, has targeted high-profile victims globally, including water utilities, school districts, telecommunications providers, and healthcare systems. Recent U.S. attacks by Medusa and other ransomware groups have also struck Jacksonville Beach, Pensacola, and Birmingham, underscoring the persistent threat to local governments.

Brett Callow, a ransomware analyst at Emsisoft, noted that while attack trends fluctuate, cybercriminals continue targeting public-sector entities, suggesting they perceive a viable return on investment despite heightened law enforcement scrutiny.

In a related incident, Monmouth College, located roughly 30 minutes from Henry County, disclosed a ransomware attack that began on December 6, 2023, with full detection on December 14. The breach exposed driver’s licenses, ID cards, and other sensitive data for 44,737 individuals, prompting the school to offer one year of identity protection services to affected parties. The attack highlights the growing vulnerability of educational institutions, even those with advanced IT infrastructure.

Source: https://therecord.media/illinois-county-gov-college-hit-with-ransomware

McHenry County cybersecurity rating report: https://www.rankiteo.com/company/mchenry_county

"id": "MCH1772267333",
"linkid": "mchenry_county",
"type": "Ransomware",
"date": "3/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'Illinois, USA',
                        'name': 'Henry County, Illinois',
                        'size': '50,000 residents',
                        'type': 'Local Government'},
                       {'customers_affected': '44,737 individuals',
                        'industry': 'Education',
                        'location': 'Illinois, USA',
                        'name': 'Monmouth College',
                        'type': 'Educational Institution'}],
 'customer_advisories': 'Monmouth College offered one year of identity '
                        'protection services to affected individuals',
 'data_breach': {'number_of_records_exposed': '44,737',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Driver’s licenses',
                                              'ID cards',
                                              'Other sensitive data']},
 'date_detected': '2024-03-18',
 'date_publicly_disclosed': '2024-03-21',
 'description': 'Henry County, Illinois, a border community of roughly 50,000 '
                'residents near Iowa, has been grappling with a ransomware '
                'attack since March 18, disrupting critical government '
                'systems. The Medusa ransomware gang claimed responsibility on '
                'March 21, issuing an eight-day ultimatum with a $500,000 '
                'ransom demand.',
 'impact': {'operational_impact': 'Disruption of government services, '
                                  'including 911 emergency response',
            'systems_affected': 'Critical government systems'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': 'Yes',
                'ransom_demanded': '$500,000',
                'ransomware_strain': 'Medusa'},
 'references': [{'source': 'Emsisoft'}],
 'response': {'containment_measures': 'Shutdown of affected networks',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'recovery_measures': 'Restored some systems under secure '
                                   'protocols, activated operational '
                                   'continuity measures',
              'third_party_assistance': 'External cybersecurity firm'},
 'threat_actor': 'Medusa ransomware gang',
 'title': 'Henry County, Illinois Hit by Medusa Ransomware Attack',
 'type': 'Ransomware'}