Ransomware Strikes Grand Traverse County, Michigan
Grand Traverse County and the City of Traverse City experienced a significant ransomware attack on Wednesday, disrupting services and shutting down court proceedings through Friday. The county's IT department, which manages networks for both entities, detected a potential threat after a software application malfunctioned, prompting a precautionary network shutdown. Upon further investigation, the issue was identified as a ransomware attack.
Ransomware, as defined by the U.S. Department of Justice, is malicious software that denies access to systems or data until a ransom is paid. This type of attack can spread to shared storage drives and other systems, and if demands are unmet, data may remain unavailable, be deleted, or leaked online. Following the attack, ransom demands appeared in "Read Me" emails and files, though no one interacted with the provided URLs.
In response, Grand Traverse County and Traverse City are collaborating with law enforcement, including the FBI, insurance adjusters, legal counsel, and external IT experts to investigate the attack. While no mass data transfer has been detected, the extent of the data compromise remains uncertain. The attack has forced most county and city employees to rely on mobile hot spots and cell phone signals for internet access, with IT evaluations of individual computers underway.
Emergency services, such as 911 and law enforcement, continue to operate, though other services have been affected, including court proceedings and payments at treasurer's offices. Online payments remain functional through third-party platforms. Traverse City Light & Power's network remains unaffected.
The incident highlights ongoing cybersecurity vulnerabilities despite recent investments in security upgrades and modernized IT infrastructure. Officials emphasize the importance of continued improvements to defend against future attacks, recognizing the increasing sophistication of cyber threats.