WannaCry hits Chicago-area county, marking first confirmed government infection in U.S.

Cook County, Illinois, reports its cybersecurity team is handling the situation and operations are stable.

A fast-spreading global ransomware campaign has found its first local government target in Illinois, StateScoop has learned. Cook County’s incident is the first known government infection of the WannaCry virus in the U.S.

The county, which includes the City of Chicago, confirmed to StateScoop that its Bureau of Technology found the ransomware on “a small number of systems” on Friday.

“We initiated our standard security procedures to address the issue. No major Cook County operations are impacted at this time,” said spokesperson Frank Shuftan.

On Friday, a barrage of phishing emails containing WannaCry, also known as WannaCryptor, were sent to targets across Europe. In less than 24 hours, the ransomware campaign successfully infected thousands of computers across not only Europe, but also in the U.S., Asia, Africa and South America. It effectively locks out users from their systems and data unless they pay for a decryption key.


This computer virus spread quickly outside the bounds of initially compromised organizations because it leverages a powerful software vulnerability that is believed to have been developed by the National Security Agency and leaked by a rogue group in April. The leak likely happened when the NSA’s software was detected by hackers, who then repackaged its use of backdoors and digital keys into the virus. The hacker group known as The Shadow Brokers are reportedly responsible for the malware.

The most detrimental effects of the virus reported so far were observed in European hospitals where health care providers were unable to access patient data to deliver treatment.

A Google security researcher pointed out that the software used in the global attack shares code with malware written by a group of North Korean hackers known as the Lazarus Group, though definitive proof of the ransomware’s origins remains elusive.

No government official has yet attributed the attack to any party, nation-state or otherwise.

This story was updated shortly after publication to include additional details as they were uncovered.

Latest Podcasts