Counties in New Mexico, Arkansas begin 2022 with ransomware attacks

The Arkansas government attack began on December 27, and New Mexico announced a ransomware incident on January 5.
Written by Jonathan Greig, Contributor

Two counties in New Mexico and Arkansas are dealing with ransomware attacks affecting government services, according to officials from both states. 

On Wednesday evening, New Mexico's Bernalillo County -- which covers the state's most populous cities of Albuquerque, Los Ranchos and Tijeras -- officially reported that it was hit with a ransomware attack that began between midnight and 5:30 a.m. on January 5.

County officials have taken the affected systems offline and cut network connections but most county building are now closed to the public. Emergency services are still available and 911 is still operating, but a Sheriff's Office customer service window was closed.

Visitation at the Metropolitan Detention Center has been postponed indefinitely, but all community centers are still open. Many other government services are still available over the phone and in person. 

The county said it is working with its vendors to respond to the incident. Bernalillo County spokesman Tom Thorpe told KOB4 that he was unaware of a specific ransom demand issued by the attackers. 

Bernalillo County communications director Tia Bland said in a statement to KOAT, "Accounting and technology staff are doing a thorough assessment to figure out what the impact is."

Arkansas' Crawford County is also dealing with a ransomware attack that began right before the new year.

Crawford County Judge Dennis Gilstrap told Arkansas' news outlets last week that a ransomware attack was discovered at the County Assessors office on December 27, forcing them to shut down the office's servers. 

Gilstrap said IT workers with the county contacted their cybersecurity provider, Apprentice, for guidance on how to deal with the attack. 

"Basically we had to shut down everything from the servers on, but we got it stopped," Gilstrap told TalkBusiness. "Last I heard, the (County Clerk's office) could not issue marriage licenses. I guess it was good that it happened during a slow period (between Christmas and New Year), if there can be anything good said about it."

Crawford County public defender Ryan Norris added in an interview with the outlet that the clerk's office was not able to pull up jury lists, calling it a "mess." 

By Tuesday, Gilstrap said operations were back to normal at both the assessor office and tax collector office. But he told both TalkBusiness and 5News that it will take weeks before they know whether personal information was accessed by the attackers. 

Also: Government data breach in Rhode Island leads to AG investigation

Ransomware expert Brett Callow told ZDNet that while fewer local governments fell victim to ransomware attacks in 2021 than in either of the previous two years -- 77 versus 113 in both 2020 and 2019 -- that can hardly be seen as a win.

"The fact that a local government was hit so early into the New Year isn't at all surprising, given that they fall victim to ransomware attacks at a rate of about 1.5/week," Callow said.  

"One is one too many, and 77 is far too many. This is especially true as far more incidents now involve data exfiltration, making it more likely that a ransomware attack on a local government will result in sensitive information leaking online."

Shared Assessments's Nasser Fattah said attacks will continue to occur due to the lack of resources and the use of stale technologies, which "collectively make municipalities an attractive target." 

YouAttest CEO Garret Grajek noted that recent research from the Palo Alto Networks Cortex Xpanse team showed that hackers are scanning within 15 minutes of a known vulnerability, while most companies are not patching and updating for 12 hours.

"No company, county or organization is too obscure or too off-the-beaten path for the attackers," Grajek said. "To the hackers, the sites are simply targets of opportunity."  

Editorial standards