A server hit by a ransomware attack held personal information of civilian and military personnel in the Indiana National Guard, officials disclosed last week.
The attack took place on a nonmilitary state computer server that had information on both civilian and military members of the Indiana National Guard. Officials from the state police and National Guard said the attack wasn’t targeted — state and local governments and agencies often see thousands of attempted intrusions per day without incident.
Authorities did not specify the type of ransomware, the amount of ransom demanded or whether they paid the attackers. The FBI recommends that ransomware victims should avoid paying up.
According to authorities, the cyberattack may have been successful in blocking administrators from accessing servers. It was a type of malware that blocks “access to the rightful owners, but usually does not compromise the contents of the server,” according to Indiana State Police Capt. David Bursten.
The office is warning personnel that may have been affected to be wary of “suspicious activity or fraudulent accounts” being opened in their name.
“Regardless of whether or not the server contents were compromised, our chief concern is for the welfare of any affected personnel, which is why we will notify employees who may have had their personal information compromised and are proactively taking actions to ensure a similar event does not occur again,” the letter reads.
Bursten did not offer further comment on the investigation to StateScoop, citing its ongoing status.
Indiana is hardly alone in succumbing to ransomware — Pennsylvania Senate Democrats paid more than $700,000 to recover from an attack that also blocked access to email and other systems, and a flurry of recent smaller-scale ransomware attacks — computer systems in Madison County, Wisconsin, West Haven , Connecticut and Muscatine , Iowa — have continued an upward trend of attacks in the multi-billion industry.