Henry County, located on the border of Illinois and Iowa, has recently experienced a Medusa ransomware attack.
The cyberattack, which began on March 18, has affected various systems within the county.
Mat Schnepple, the director of the Emergency Management office in Henry County, has confirmed this information.
Upon discovering the Medusa Ransomware, county officials promptly took action by restricting access to the impacted systems. Additionally, an external company has been engaged to assist the county’s incident response team in investigating the attack.
“Since that time, multiple law enforcement and government cybersecurity agencies have been engaged, assisting with the County’s response and leading a multidisciplinary investigation,”
“While the investigation into this incident and the corresponding recovery and restoration efforts remain ongoing, the County has made incremental but important progress in bringing systems back online in a secure manner. In the interim, Henry County is leveraging preestablished operational continuity measures to provide essential services.”
Schnepple said.
According to Schnepple, Henry County’s ability to receive 911 calls and dispatch emergency services remains unaffected by the ransomware attack. However, he did not provide any information regarding the identity of the hackers or whether a ransom will be paid.
Medusa Ransomware Claims responsibility for the Ransomware Attack
With a population of approximately 50,000, Henry County is located approximately two hours away from Cedar Rapids, Iowa. The Medusa ransomware gang has claimed responsibility for the attack, issuing a demand for a $500,000 ransom within an eight-day timeframe, starting from Thursday afternoon.
Since its emergence in 2023, the Medusa ransomware group responsible for the ransomware attack on Henry County has demonstrated increasing sophistication.
They have targeted various organizations globally, including an Italian drinking water company, a major school district in Minnesota, a French town, Tonga’s state-owned telecommunications company, and most recently, the government organization managing the universal healthcare system in the Philippines.
Notably, they made headlines for attacking Toyota and a technology company associated with two prominent Canadian banks. In January, they even attempted to extort Water for People, a nonprofit organization dedicated to improving access to clean water.
The incident in Henry County is part of a series of attacks on local U.S. governments, including Jacksonville Beach, Pensacola, Birmingham, and others.
According to Brett Callow, a threat analyst at Emsisoft and an expert in ransomware attacks targeting government and educational institutions, it is challenging to determine the overall trend of such attacks.
This is due to fluctuations throughout the year, and certain incidents may not become known until weeks or even months later. Despite the increased attention from law enforcement, these groups continue to view government organizations as valuable targets.
“The fact that governments are still being targeted indicates that either there’s ROI [return on investment] in attacking them or that the cybercriminals believe that there is,” Callow said.
