A ransomware attack in Somerset County, New Jersey has shut down the county’s email and IT system forcing officials to switch off their computers and set up temporary Gmail accounts so residents can still reach key agencies, according to a county press release.
The attack, detected on May 24, disrupted services that rely on the county’s databases, including accessing land and probate records. However, the incident only affected email and IT systems; phone lines and emergency service systems are all working properly, county officials said.
“With the exception of email, the county is performing most normal functions. That said, we have activated our Emergency Operations Center and our Continuity of Operations of Government Plan,” said County Administrator Colleen Mahr. “It is our assumption that this situation will remain in effect at least for the rest of the week.”
An updated notice, released May 25, revealed that “network-linked computers remained turned off, and county emails cannot be received or responded to by county personnel. In addition, clerk and surrogate services that depend on access to county databases remained unavailable, while title searches were possible only on paper records dated before 1977.
County officials also discovered that the attack affected a web form through which Somerset County residents can request replacement mail-in ballots for New Jersey’s primary election next month. Voters can still request ballots by phone or with an in-person visit. The calendar for mail-in, early, and in-person voting is not affected, officials said.
However, digital records and voting machines for the upcoming primary election are never connected to the county system and therefore were unaffected. Officials said that the Board of Elections and County Clerk continue to perform election-related functions as normal, apart from mail-in ballots.
Additionally, to effectively respond to the attack, the Somerset Board of County Commissioners postponed its Tuesday, May 24 meeting. The board plans to address the incident and their ensuing response in the upcoming meeting.
“We are working hard to ensure vital services the public depends on continue to be delivered, such as recycling, road maintenance, and transportation for seniors,” said Mahr. “We have an outstanding IT department that is working around the clock to evaluate our situation, prevent further damage, and ultimately recover.”
It is unclear which ransomware group is responsible for the attack, and county officials have not disclosed the attackers’ possible demands. It is also unclear if any citizen records were compromised in the attack.