Huber Heights, Ohio, is the latest local government to suffer a cyberattack. City officials announced that the community of nearly 45,000 suffered a ransomware attack on Sunday morning around 8 a.m. local time, causing problems for several city systems.
“Residents can still call 911 and police, fire, and EMS non-emergency numbers,” Rick Dzik, city manager of Huber Heights, located outside Dayton, said in a statement.
Though public safety services are not impacted, the city’s zoning, engineering, tax, finance, utilities, human resources and economic development divisions will be disrupted over the next week, according to the Huber Heights Civic Alerts page.
Cybersecurity experts say ransomware attacks, a cyberattack that prevents or limits users from accessing their system and data until a ransom is paid, are becoming increasingly common for local governments, businesses and schools, often disrupting computer systems, city services, or leaking private information.
Other municipalities in Ohio have faced similar cybersecurity incidents this year, including the City of Circleville, which suffered a ransomware attack in January that disrupted services run by the city’s municipal court.
Ransomware attacks, which often disrupt essential services, are a growing trend. Among state and local government agencies surveyed this year by the British cybersecurity firm Sophos, 69% reported having been victims of ransomware, up from 58% last year.
Last week, a cyberattack on the Washington Department of Transportation left some information blank on the agency’s mobile apps and website.
Dallas County, Texas, says it’s in the process of reviewing troves of stolen data leaked by a ransomware gang that has a history of disrupting public services in cities, including Oakland, California.
The Cybersecurity and Infrastructure Security Agency, FBI, National Security Agency and the Multi-State Information Sharing and Analysis Center offer a guide, with industry best practices and a response checklist, to help governments implement cyber incident response plans tailored to ransomware attacks and data extortion.