Ransomware attack prompted county jail to put inmates in lockdown

Inmates at the Bernalillo County, N.M., jail have not been able to spend time out of their cells since a Jan. 5 ransomware attack disabled the facility's cameras, according to a court filing.

A ransomware incident last week against Bernalillo County, New Mexico, had far-ranging consequences, including at the county’s jail, which has mostly confined its inmates to their cells since the cyberattack disabled the facility’s surveillance cameras and data-collection capabilities, according to new court records.

The lockdown circumstances were described in a filing last Thursday from the county in McClendon v. City of Albuquerque, a 1995 federal lawsuit over jail conditions and inmate treatment. In the filing, which was first reported by the Albuquerque Journal, the county’s lawyers wrote that the ransomware incident’s effects had caused its Metropolitan Detention Center — which houses about 1,200 people daily — to fall out of compliance with the suit.

“Based upon the overall crisis as well as the lack of camera coverage within the facility, MDC has temporarily placed the facility on a lockdown beginning the morning on January 5, 2022,” Taylor Rahn, a Bernalillo County attorney, wrote in the brief. “This means inmates, even inmates in general population, are temporarily limited to their cells.”

Rahn also wrote that the ransomware attack initially led to the jail’s automated doors deactivating — requiring personnel to use manual keys — though they began functioning again that evening. The cameras are still offline, as is the jail’s internet connectivity. That’s resulted in staff having to sit in the parking lot to look up inmate records from web-based interfaces that were not compromised.


The filing also stated that landline telephones and the tablet computers that inmates use for viewing media, filing grievances and submitting requests are functional. But without surveillance cameras working and with jail staff unable to get online from inside the facility, the ransomware attack has greatly limited inmates’ day-to-day lives. While they’ll still be able to leave their cells for medical care — the jail’s health provider was not affected — there will be no “unstructured ‘time-out,’” Rahn wrote.

The county told the court it is creating a plan to resume out-of-cell time, but pointed to the camera outage.

“The lack of camera coverage, however, creates a significant security concern for the safety of staff and inmates during out of cell time,” the filing reads.

While the Metropolitan Detention Center is still taking in and releasing inmates, it has also suspended in-person visits and had to limit phone contact.

Elsewhere, Bernalillo County government is still struggling to recover from the Jan. 5 ransomware attack, which prompted it to close its buildings to the public and take most computer systems offline. A Monday press release stated that while the clerk’s office was partially reopening the lobby of the county’s headquarters, many other services, including probate court scheduling and credit card payments for solid waste removal, are still offline.

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.
