Blog

  • Cybersecurity Best Practices for Small Businesses

    Why Cybersecurity Matters

    Small businesses are increasingly targeted by cybercriminals. According to recent reports, 43% of cyberattacks target small businesses, yet only 14% are prepared to defend themselves. This guide covers the essential security practices every business should implement.

    1. Multi-Factor Authentication (MFA)

    Enable MFA on all business accounts, especially email, banking, and cloud services. MFA adds a second layer of verification beyond just a password, making it significantly harder for attackers to gain unauthorized access.

    • Use authenticator apps (Google Authenticator, Authy) instead of SMS
    • Require MFA for all employees, not just administrators
    • Consider hardware security keys (YubiKey) for high-privilege accounts

    2. Email Security

    Email remains the #1 attack vector for cybercriminals. Implement these measures:

    • SPF, DKIM, and DMARC — Configure these DNS records to prevent email spoofing
    • Employee training — Regular phishing awareness training reduces successful attacks by up to 75%
    • Email filtering — Use advanced threat protection to catch malicious attachments and links
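    To make the SPF, DKIM and DMARC bullet concrete, here is an added example (not part of the original post) that audits the text of the three DNS records and flags settings that leave spoofing possible. The records are constructed for the placeholder domain example.com, and the function names are illustrative.

```python
# Added example: audit SPF, DKIM and DMARC TXT record strings for weak settings.
# All records below are constructed for the placeholder domain example.com.
WEAK = {
    "spf": "v=spf1 include:_spf.example.net ~all",
    "dkim": "v=DKIM1; k=rsa; p=",
    "dmarc": "v=DMARC1; p=none",
}
STRONG = {
    "spf": "v=spf1 include:_spf.example.net -all",
    "dkim": "v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY",
    "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100",
}

SPF_ALL_FINDINGS = {
    "+": "SPF: +all authorizes every sender on the internet",
    "?": "SPF: ?all is neutral, so unlisted senders are not rejected",
    "~": "SPF: ~all only soft-fails unlisted senders; use -all once all senders are listed",
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def audit_spf(record):
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    # Mechanisms are evaluated left to right; the first 'all' matches everything.
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return []  # the policy lives in the redirected record
        return ["SPF: no 'all' mechanism, so unlisted senders get a neutral result"]
    first = all_terms[0]
    qualifier = first[0] if first[0] in "+-~?" else "+"  # no qualifier means '+'
    return [SPF_ALL_FINDINGS[qualifier]] if qualifier in SPF_ALL_FINDINGS else []


def audit_dkim(record):
    tags = parse_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["DKIM: unexpected version tag"]
    if "p" not in tags:
        return ["DKIM: record has no p= public key tag"]
    if tags["p"] == "":
        return ["DKIM: empty p= means the key for this selector is revoked"]
    return []


def audit_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: record does not start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(
            f"DMARC: p={policy or 'missing'} only monitors; spoofed mail is still delivered"
        )
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports are received")
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = None
    if pct is None or pct < 100:
        findings.append("DMARC: pct below 100 applies the policy to only part of the mail")
    return findings


def audit_domain(records):
    """Run all three audits on a dict with 'spf', 'dkim' and 'dmarc' strings."""
    return (
        audit_spf(records["spf"])
        + audit_dkim(records["dkim"])
        + audit_dmarc(records["dmarc"])
    )


if __name__ == "__main__":
    for label, records in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit_domain(records) or "no findings")
```

    In practice the record strings would come from a TXT lookup on the domain, `_dmarc.<domain>` and `<selector>._domainkey.<domain>`.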

    3. Backup Strategy (3-2-1 Rule)

    Follow the 3-2-1 backup rule:

    1. 3 copies of your data
    2. 2 different storage types (local + cloud)
    3. 1 offsite copy (disconnected from your network)

    Test your backups regularly. A backup you cannot restore is not a backup.

    4. Incident Response Plan

    Every business needs a documented incident response plan that answers:

    • Who is responsible for what during an incident?
    • How do we contain the threat?
    • Who do we notify (customers, regulators, law enforcement)?
    • How do we recover and prevent recurrence?

    Need Help?

    Digital Checkmark provides cybersecurity assessments, monitoring, and incident response for small businesses. Contact us for a free consultation.

  • Cyberattack on Independent Public Regional Hospital Szczecin — March 2026

    On the night of March 7-8, 2026, the Independent Public Regional Hospital in Szczecin, Poland, experienced a ransomware attack that severely disrupted its IT infrastructure. According to reports, the hospital’s digital systems were infected, resulting in the encryption of key data resources and rendering them inaccessible to staff. This forced the hospital to revert to paper-based operations for both medical and administrative procedures.

    The impact of the attack was significant in terms of operational efficiency. Medical and administrative workflows slowed down as hospital personnel adapted to manual documentation and record-keeping. Despite these challenges, officials confirmed that patient care continued without any reported threat to life or health. The hospital also redirected some patients to other regional healthcare facilities to manage the disruption.

    Details about the ransomware group responsible for the attack remain undisclosed. No reputable sources have identified the threat actor or specified the ransomware variant involved. Additionally, there is no public information regarding whether any data was stolen or exfiltrated alongside the encryption. The exact entry point or method used by the attackers to compromise the hospital’s systems has not been revealed.

    In response to the incident, hospital management prioritized restoring access to their IT infrastructure while ensuring uninterrupted urgent care. As of March 9-10, 2026, recovery efforts were ongoing, but the hospital’s systems remained paralyzed. There have been no announcements concerning law enforcement involvement or progress towards resolution.

    This incident highlights the growing threat that ransomware poses to healthcare organizations around the world. Hospitals, with their critical role in patient care and reliance on IT systems, are particularly vulnerable to such attacks. The disruption caused by encrypted data can delay treatments and complicate administrative tasks, even if patient safety is maintained.

    To protect themselves against ransomware attacks, healthcare organizations should consider the following recommendations:

    • Implement robust cybersecurity frameworks: Regularly update and patch software and hardware to close vulnerabilities.
    • Conduct employee training: Educate staff on identifying phishing attempts and other common attack vectors.
    • Maintain secure and tested backups: Ensure that data backups are performed frequently, stored securely offline, and tested for integrity to enable rapid recovery.
    • Deploy network segmentation: Limit access between different parts of the IT environment to contain potential breaches.
    • Utilize multi-factor authentication (MFA): Add layers of security for user access to critical systems.
    • Establish incident response plans: Prepare and regularly update protocols for responding to cyber incidents to minimize downtime and operational impact.

    While the specifics of the Szczecin hospital attack remain limited, it reinforces the need for healthcare providers to proactively strengthen cybersecurity defenses and response capabilities to safeguard patient care continuity.

    Sources: TVP World, Ransomware.live, Perplexity Research


    Source: Cyberattack sees Polish hospital revert to ‘paper-based’ system | Data from Ransomware.live | Generated with AI assistance

  • Cyberattack on Community College of Beaver County — March 2026

    On March 9, 2026, the Community College of Beaver County (CCBC), located in Center Township, Pennsylvania, experienced a significant cybersecurity incident involving an encryption-based “cryptolocker” attack. The college’s IT resources were promptly locked down to contain the damage as officials warned of malicious actors targeting the institution’s data. The attack was detected on the first day of the college’s spring break, which may have mitigated immediate disruptions to classes and campus activities.

    The college communicated internally that the attack involved encryption of data, instructing employees not to power on laptops or other devices on campus to prevent further infection. This precautionary measure was intended to limit the spread of the ransomware, which encrypts files and typically demands a ransom payment for decryption keys. Despite these alerts, CCBC has not publicly disclosed which specific systems were affected or whether any data was accessed or exfiltrated during the attack.

    As a public community college serving Beaver County, CCBC’s operations rely heavily on digital systems that manage sensitive information such as grades, transcripts, and financial records. Although the full scope of the disruption remains unclear, the encryption-based attack likely impacted access to these critical services. The college’s decision to lock down its IT infrastructure and issue warnings highlights the severity of the incident, even though no ransom note or claim of responsibility has been publicly confirmed at this time.

    The institution engaged cybersecurity professionals and its insurance provider immediately following the incident and notified federal law enforcement agencies, including the FBI, as well as local police. These steps are consistent with best practices in responding to ransomware attacks, aiming to contain the threat, investigate the breach, and plan for recovery. As of the latest reports on March 10, 2026, the investigation was ongoing, and no public timeline for restoration was provided. The campus is scheduled to reopen on March 16, although it remains uncertain how fully operational the IT systems will be by that date.

    While CCBC has not named the threat actor or ransomware group responsible for the attack, the use of cryptolocker-style malware aligns with tactics commonly employed by cybercriminal groups that target educational institutions. Pennsylvania’s education sector has faced similar cyber threats recently, including a malware incident at the Minersville Area School District in December 2025 and a ransomware attack on the Interboro School District in November 2024. These events underscore the increasing risk of cyberattacks on academic institutions, which often manage large volumes of sensitive personal and financial data.

    For organizations seeking to protect themselves against similar ransomware threats, several key recommendations emerge from this incident:

    • Implement comprehensive backup strategies: Regularly back up critical data offline and test restoration procedures to ensure business continuity in the event of encryption or data loss.
    • Strengthen endpoint security: Deploy advanced antivirus and anti-malware solutions, alongside network segmentation, to detect and isolate threats rapidly.
    • Enforce strict access controls and user training: Limit user permissions based on roles and educate staff on phishing and social engineering tactics commonly used to deliver ransomware.
    • Develop and practice incident response plans: Establish clear protocols for identifying, containing, and reporting cyber incidents, including coordination with law enforcement.
    • Keep systems and software updated: Apply security patches promptly to reduce vulnerabilities that attackers can exploit.

    Educational institutions should also consider engaging cybersecurity experts and insurance providers proactively to strengthen their resilience against ransomware attacks. The CCBC incident highlights the importance of rapid detection and containment measures to reduce potential damage and operational disruption.

    Sources: DysruptionHub, Ransomware.Live


    Source: Community College of Beaver County locks down systems after cyberattack in Pennsylvania | Data from Ransomware.live | Generated with AI assistance

  • Cyberattack on Stryker — March 2026

    On March 10, 2026, Stryker, a leading US-based medical technology company, suffered a significant cyberattack that disrupted its global operations. The incident, identified as a destructive wiper attack rather than traditional ransomware, led to the permanent deletion of data across employee laptops, mobile devices, and other Windows-based remote systems. This attack effectively crippled Stryker’s internal IT infrastructure, causing widespread operational paralysis across its sites in Europe, Asia, and the United States.

    Stryker employs approximately 56,000 people worldwide, including around 4,000 employees at its Cork, Ireland facility. According to reports, all IT systems at the Cork base remained offline for several days, leaving thousands of Irish employees unable to perform their duties. Internally, the company faced challenges in order processing, manufacturing, and shipping due to the IT disruption. Notably, the company stated that the attack did not affect its connected medical devices or patient care operations, which helped mitigate broader healthcare risks.

    The threat actor behind this attack is believed to be Handala, an Iran-linked hacking group. Handala claimed responsibility for the operation, asserting it was retaliation for a missile strike on an Iranian school earlier in March 2026. The group alleged that over 200,000 systems—including servers and mobile devices—were wiped and that 50 terabytes of critical data were extracted. However, Stryker has not independently confirmed the data theft or verified the full scale of the destruction claimed by the attackers. The company also clarified that no ransomware or malware was detected during their investigation, highlighting that this was a targeted destructive attack focusing on wiping systems rather than encrypting data for ransom.

    Open-source reports and company statements indicate that the attackers may have exploited Microsoft Intune or similar remote management tools to issue wipe commands to employee devices connected to the corporate network. This method allowed the threat actors to remotely delete data on devices running Windows operating systems. The exact initial access vector remains unconfirmed, and Stryker continues to investigate the full scope of the breach.

    In response to the incident, Stryker engaged with Microsoft and treated the event as a critical enterprise-wide disruption. By March 17, 2026, the company reported containing the breach and focusing on restoring critical systems needed to resume customer support, orders, and shipping operations. The financial impact of the incident is still under assessment, and the full recovery timeline has not been publicly disclosed. Importantly, no customer or patient data appears to have been compromised, and there were no reported impacts to connected medical products such as the Mako surgical system.

    This incident underscores the evolving threat landscape faced by organizations in the medical technology sector. To better protect themselves, companies should consider the following recommendations:

    • Implement robust endpoint security: Regularly update and patch all employee devices, particularly those connecting remotely, to reduce vulnerabilities.
    • Harden remote management tools: Secure platforms like Microsoft Intune with multi-factor authentication, strict access controls, and continuous monitoring to prevent abuse by threat actors.
    • Develop and test incident response plans: Prepare for destructive attacks by establishing clear protocols to isolate affected systems, communicate internally and externally, and restore operations swiftly.
    • Regular backups and data recovery: Maintain secure and tested backups offline to ensure data restoration capabilities after wipe or destructive attacks.
    • Employee training and awareness: Educate staff on cybersecurity best practices and phishing detection to minimize initial intrusion risks.
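    As an added example of the continuous monitoring recommended for remote management tools (not code from Stryker, Microsoft or the original post), the sketch below flags an administrator account that issues destructive device actions against many distinct devices within a short window. The event schema, action names, account names and thresholds are hypothetical and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical normalized action names for destructive remote-management commands.
DESTRUCTIVE_ACTIONS = {"wipe", "retire", "delete"}

# Constructed audit events in a hypothetical normalized schema (not a vendor
# export format): routine helpdesk wipes plus one burst from a single admin.
EVENTS = [
    {"time": "2026-01-05T09:00:00", "actor": "helpdesk1@example.com",
     "action": "wipe", "device": "LT-0001"},
    {"time": "2026-01-05T14:00:00", "actor": "helpdesk1@example.com",
     "action": "wipe", "device": "LT-0002"},
    {"time": "2026-01-05T02:10:00", "actor": "admin7@example.com",
     "action": "sync", "device": "LT-0100"},
] + [
    {"time": f"2026-01-05T02:1{i}:30", "actor": "admin7@example.com",
     "action": "wipe", "device": f"LT-01{i:02d}"}
    for i in range(6)
]


def detect_mass_wipe(events, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per burst in which a single actor issues destructive
    actions against at least `threshold` distinct devices inside `window`."""
    recent = defaultdict(deque)  # actor -> (time, device) pairs still in window
    alerting = set()             # actors whose current burst was already reported
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in DESTRUCTIVE_ACTIONS:
            continue
        now = datetime.fromisoformat(ev["time"])
        queue = recent[ev["actor"]]
        queue.append((now, ev["device"]))
        # Drop events that have aged out of the sliding window.
        while queue and now - queue[0][0] > window:
            queue.popleft()
        devices = {device for _, device in queue}
        if len(devices) >= threshold:
            if ev["actor"] not in alerting:
                alerting.add(ev["actor"])
                alerts.append({
                    "actor": ev["actor"],
                    "devices": len(devices),
                    "start": queue[0][0].isoformat(),
                    "end": now.isoformat(),
                })
        else:
            alerting.discard(ev["actor"])
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_wipe(EVENTS):
        print("ALERT", alert)
```

    The threshold and window should be tuned to the organization's normal helpdesk volume so that routine single-device wipes stay below the alert line.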

    The Stryker attack illustrates how geopolitical tensions can manifest in cyber operations targeting critical industries. While the full details and motivations remain partially unverified, organizations must remain vigilant and proactive in strengthening their cybersecurity postures to mitigate such destructive threats.

    Sources: Irish Mirror (irishmirror.ie), Ransomware.Live, and Perplexity Research reports as of March 2026.


    Source: Stryker cyber attack: Thousands of Irish unable to work as hackers cripple global systems | Data from Ransomware.live | Generated with AI assistance

  • Cyberattack on Rusk County — March 2026

    Rusk County, located in northwest Wisconsin, announced on March 11, 2026, that it is investigating a cybersecurity incident affecting its network environment. County officials have engaged forensic experts to assess the scope of the incident and assist in restoring operations within a secure and remediated network environment. While the county’s public website and online payment pages remain accessible through third-party processors, authorities have not yet identified which internal systems were impacted or whether any sensitive data was compromised.

    The incident was publicly disclosed via statements from Rusk County and reported by local news outlets WEAU and WQOW. According to the county’s announcement, the investigation and comprehensive assessment may take several weeks to complete. However, officials have not confirmed if any resident-facing services were disrupted nor have they revealed details about potential data breaches involving community or employee information. The county reiterated its commitment to protecting information security and data privacy throughout the process.

    Rusk County’s domain, ruskcounty.org, had appeared on a ransomware leak tracking site in December 2025 as a potential victim of the Lynx ransomware group, but county officials have not confirmed any connection between this earlier listing and the current incident. No ransom demands, claims of responsibility, or details about the attack vector have been disclosed by county authorities. The county also did not respond to requests for additional comment, and there is no public indication of law enforcement involvement at this time.

    Rusk County serves a population of approximately 14,188 residents, with its county seat in Ladysmith. The county government center houses various offices and the courthouse, making the network disruption potentially significant for local administrative functions. Public-facing services, including online payments, are still operational through third-party platforms, but it remains unclear if internal systems managing records, payments, or other operations were affected.

    This incident is part of a broader pattern of cyber disruptions reported among Wisconsin public entities in recent months. For instance, other counties have experienced network outages and suspicious activity affecting permitting and records access, though emergency services have generally remained operational. However, Rusk County has not provided specifics on whether this incident relates to those events.

    Given the limited information currently available, organizations—particularly in the public sector—should consider the following recommendations to protect themselves against similar cybersecurity threats:

    • Engage cybersecurity professionals promptly: Early involvement of forensic and incident response experts is critical to assessing the scope of an intrusion and initiating remediation efforts effectively.
    • Maintain segmented and resilient network environments: Network segmentation helps contain breaches and limits the spread of malware or unauthorized access within internal systems.
    • Ensure regular backups and test restorations: Reliable, offline backups enable organizations to restore data and services without yielding to ransom demands.
    • Monitor for threat actor activity: Stay informed about emerging ransomware groups, such as Lynx, and use threat intelligence to anticipate potential attack vectors and targets.
    • Educate employees on cybersecurity hygiene: Phishing campaigns and social engineering remain common attack vectors; comprehensive training reduces risk exposure.
    • Implement multi-factor authentication (MFA): MFA strengthens access controls, making unauthorized network access more difficult for attackers.

    While Rusk County’s investigation continues, the incident underscores the ongoing challenges public sector organizations face in defending against evolving cyber threats. Transparency in incident reporting and timely communication with affected stakeholders remain essential to managing impacts and maintaining public trust.

    Sources: DysruptionHub, “Rusk County, Wisconsin probes cybersecurity incident,” published March 11, 2026, dysruptionhub.com.


    Source: Rusk County, Wisconsin investigates cybersecurity incident | Data from Ransomware.live | Generated with AI assistance

  • Cyberattack on Stadt Herne — March 2026

    On March 12, 2026, the city administration of Herne, Germany, experienced an incident involving anomalies in parts of its IT infrastructure. While initial concerns suggested a possible cyberattack, subsequent investigations conducted in collaboration with external IT security experts and local security authorities found no evidence of a deliberate cyberattack, ransomware deployment, or data theft. As a precautionary measure, affected IT systems were temporarily shut down, leading to a disruption in several municipal services, particularly those serving citizens directly.

    The incident primarily impacted the city’s citizen services, including departments such as the civil registry, resident registration, aliens authority, and family services. From March 9 to March 13, 2026, scheduled appointments were missed due to the partial IT shutdown. The city administration has been actively contacting affected residents via email and phone to reschedule these appointments. Despite the operational disruptions, no personal data was compromised, stolen, or encrypted, and investigations explicitly ruled out the outflow of data from city IT systems.

    The cause of the incident was described by officials as “anomalies” within subsystems of the IT environment rather than a confirmed cyberattack. External experts and security authorities involved in the inquiry found no indications consistent with typical cyberattack methodologies such as phishing, ransomware encryption, or unauthorized data exfiltration. Accordingly, there has been no identification of a threat actor or ransomware group associated with the event.

    In response to the anomalies detected, Stadt Herne took swift action by proactively shutting down affected IT systems to prevent potential escalation or damage. Restoration of systems began on March 11, 2026, with the civil and resident registry services returning to normal operations by the afternoon of that day. Other departments like the aliens and citizenship services were expected to resume normal functioning shortly thereafter. The city aimed to fully restore all affected systems and citizen services by the end of that week. The IT service provider involved commended the city’s preemptive security measures and rapid response in managing the incident.

    Law enforcement and security authorities were engaged during the investigation process to ensure thorough analysis, but since no evidence of criminal activity was found, no active law enforcement actions or prosecutions have been reported. The city continues to monitor its IT infrastructure closely to prevent future incidents and maintain public trust.

    While this event did not culminate in a confirmed cyberattack, it underscores the importance for municipal governments and similar public sector organizations to maintain vigilant cybersecurity postures. Based on this incident, organizations can consider the following recommendations to protect themselves:

    • Implement robust monitoring and anomaly detection: Early identification of irregular behavior in IT systems can enable swift containment and mitigation before potential attacks escalate.
    • Develop and regularly update incident response plans: Having clear procedures for IT shutdowns, stakeholder communication, and system restoration minimizes service disruption and enhances coordination during crises.
    • Engage external cybersecurity expertise: Independent assessments and collaboration with security authorities help validate findings and strengthen defensive measures.
    • Ensure regular backups and secure data handling: Even if no data compromise occurred here, maintaining secure, tested backups is vital for recovery from any future incidents.
    • Communicate transparently with affected users: Informing citizens promptly about service interruptions and rescheduling procedures helps maintain public confidence and reduces inconvenience.

    In conclusion, the Stadt Herne incident serves as a reminder that not all IT irregularities stem from malicious actors, but precautionary responses and thorough investigations remain essential. Public sector entities should continuously refine their cybersecurity readiness to safeguard essential services and sensitive data.

    Sources: Westdeutsche Allgemeine Zeitung (https://www.waz.de/lokales/herne-wanne-eickel/article411437410/cyberangriff-stadt-herne-schaltet-it-systeme-ab-buergerservice-eingeschraenkt.html), Perplexity Research analysis.


    Source: Cyberangriff? Stadt Herne schaltet IT-Systeme ab – Bürgerservice eingeschränkt | Data from Ransomware.live | Generated with AI assistance

  • Cyberattack on Hanover County Public Schools — March 2026

    On March 12, 2026, Hanover County Public Schools (HCPS) in Virginia experienced a significant cybersecurity-related disruption that impacted internet access and multiple internal systems across the school district. While the exact nature of the incident remains officially unconfirmed, HCPS described it as a “possible data incident” or “potential data breach,” leading to precautionary shutdowns and a temporary suspension of technology use in classrooms.

    The incident caused an immediate interruption of internet services and forced the district to disable staff and student access to various internal platforms. Notably, student Chromebooks, which operate on a separate domain, did not appear to be directly affected; however, as a precautionary measure, the district temporarily disabled their use. HCPS announced that instruction would continue without technology for at least one week, emphasizing a shift to offline teaching modalities during the investigation period.

    HCPS engaged cybersecurity experts, external legal counsel, and coordinated with state and federal authorities to investigate and resolve the situation. However, the district has not disclosed specific details about the attack vector, the presence of any ransomware, or whether any sensitive data was accessed or exfiltrated. According to official statements, there is no confirmation of ransomware involvement or data theft at this time. The district continues to work diligently with partners to restore affected systems and assess the full scope of the incident.

    The affected organization is a public K-12 school district serving Hanover County, Virginia, which includes multiple elementary, middle, and high schools. The disruption impacted faculty, administrators, and students by limiting access to key digital resources and forcing a temporary return to non-digital instructional methods. Families were advised to communicate with schools via telephone, reflecting the limited online capabilities during the outage.

    While no threat actor or ransomware group has been identified or claimed responsibility, cybersecurity analysts speculated that common attack vectors in education sector incidents—such as phishing campaigns or exploitation of unsecured technology—could be relevant, though this remains unconfirmed by HCPS or law enforcement.

    This incident is consistent with a broader pattern of cybersecurity disruptions affecting Virginia K-12 schools since late 2025, underscoring the ongoing vulnerabilities in educational institutions’ IT infrastructure and the increasing threat landscape targeting this sector.

    Given the available information, organizations—particularly those in the education sector—should consider the following recommendations to mitigate similar risks:

    • Implement robust cybersecurity training: Educate staff and students to recognize phishing attempts and other social engineering tactics commonly used to gain unauthorized access.
    • Enhance network segmentation: Separate student devices and administrative systems to contain potential breaches and reduce attack surfaces.
    • Maintain up-to-date backups: Ensure regular, secure backups of critical data to enable rapid recovery in the event of ransomware or data loss incidents.
    • Engage in continuous monitoring: Deploy tools to detect unusual network activity promptly and respond to potential threats before they escalate.
    • Coordinate with authorities: Establish relationships with local and federal cybersecurity agencies to facilitate timely assistance and intelligence sharing.

    HCPS has pledged to provide updates as their investigation progresses and systems are restored. This incident highlights the critical importance of preparedness and resilience in protecting educational environments against evolving cyber threats.

    Sources: Hanover County Public Schools Technology Update (https://www.hcps.us/events/what_s_new/technology_update__march_2026), Ransomware.Live summary, Perplexity Research analysis.


    Source: Technology Update: March 2026 | Data from Ransomware.live | Generated with AI assistance

  • Cyberattack on Jean Co., Ltd. — March 2026

    On March 13, 2026, Jean Co., Ltd., a Taiwan-based real estate development company, experienced a cyberattack targeting certain information systems that resulted in temporary system downtime. According to an official announcement published by the company on March 15, 2026, the incident was promptly addressed by their internal information security team, which activated defensive and recovery protocols immediately upon detection.

    The affected systems are currently being restored in phases, with assistance from external cybersecurity experts and firms engaged to help contain and remediate the incident. Despite the interruption, Jean Co., Ltd. reported that there has been no material impact on the company’s financial status, business operations, or overall activities based on their current assessment. The company also indicated that no insurance claims are anticipated as a result of this event.

    Details regarding the nature of the cyberattack remain limited in public disclosures. The company’s statement does not specify the type of attack, whether ransomware or another form of intrusion, nor does it confirm any data exfiltration or compromise. Furthermore, there is no mention of the threat actor involved, any demands made, or law enforcement involvement. As of the latest updates, no additional verified information has been provided by reputable sources beyond the company’s official communication.

    Jean Co., Ltd. has emphasized an ongoing commitment to closely monitor the situation while working with both internal and external technical experts to investigate and clarify the root cause of the incident. The company plans to conduct a comprehensive review of its system security measures and intends to strengthen monitoring and protection capabilities to enhance overall information security resilience going forward.

    This incident serves as a reminder for organizations—particularly within the real estate development sector, which can be targeted due to valuable client and transactional data—to maintain robust cybersecurity postures. Key recommendations for companies to protect themselves against similar cyber threats include:

    • Implementing layered security defenses: Utilize firewalls, intrusion detection systems, and endpoint security solutions to create multiple barriers against unauthorized access.
    • Establishing incident response plans: Prepare clear, practiced procedures to rapidly detect, contain, and mitigate cyber incidents when they occur.
    • Engaging external expertise: Collaborate with cybersecurity specialists and firms to perform regular security assessments and assist during incidents.
    • Regular system backups and phased restoration: Maintain up-to-date backups stored securely offline to ensure rapid recovery with minimal operational disruption.
    • Enhanced monitoring and threat intelligence: Continuously monitor networks and systems for anomalies and leverage threat intelligence to stay informed about emerging attack vectors.
    • Employee training and awareness: Educate staff on cybersecurity best practices and phishing prevention to reduce risks from social engineering attacks.

    Although this incident at Jean Co., Ltd. has not resulted in significant losses or operational setbacks, its occurrence underscores the persistent threat environment facing businesses globally. Organizations must remain vigilant and proactive in reinforcing their cybersecurity frameworks to mitigate future risks.

    Sources:

    • Jean Co., Ltd. Official Announcement, March 15, 2026: emops.twse.com.tw
    • Ransomware.Live Summary of Incident
    • Perplexity Research Analysis, March 2026

    Source: Today's Information | Data from Ransomware.live | Generated with AI assistance

  • Cyberattack on DeKalb County Sheriff’s Department and Jail — March 2026

    On March 14, 2026, the DeKalb County Sheriff’s Department and Jail in Smithville, Tennessee, experienced a ransomware attack that disrupted key operational systems. The incident affected their main computer server, causing significant interruptions to critical functions, including email communications and inmate booking processes. The attack was detected early Friday morning when staff noticed the inmate intake booking software suddenly stopped working.

    The ransomware compromised the department’s ability to manage jail bookings and access routine email services. Although there were concerns about potential data loss, Sheriff’s Department officials were able to recover the booking data by coordinating closely with their inmate booking software vendor. This recovery effort was reportedly completed by Friday evening of the same week.

    At this time, no specific information has been released regarding any stolen or exfiltrated data. Additionally, there have been no public claims of responsibility from any ransomware group or threat actor. The initial method of intrusion remains undisclosed, and technical details about how the attackers gained access to the Sheriff’s Department systems have not been shared publicly.

    In response to the attack, the DeKalb County Sheriff’s Department engaged a third-party cybersecurity firm to conduct a thorough evaluation and assist with ongoing data recovery and investigation efforts. Law enforcement authorities, including the Federal Bureau of Investigation (FBI) and the Tennessee Bureau of Investigation (TBI), are actively involved in the case. Sheriff Patrick Ray noted that the incident could be linked to broader foreign cyberattacks targeting law enforcement agencies, although this connection has not been confirmed and remains speculative.

    The disruption caused by the ransomware attack had an immediate operational impact on the Sheriff’s Department, particularly in managing jail intake procedures. While the booking data was restored, the duration and extent of email system outages were not specified. Sheriff Ray also mentioned that a similar cyber incident affected another unnamed sheriff’s department within Tennessee, suggesting a possible pattern of attacks against regional law enforcement institutions.

    Given the sensitive nature of law enforcement operations and the critical role of digital systems in managing jail bookings and communications, this incident underscores the importance of robust cybersecurity measures in the public safety sector. Organizations in similar sectors should consider the following recommendations to mitigate risks from ransomware and other cyber threats:

    • Regular Data Backups: Maintain frequent, secure backups of all critical data, including inmate booking information and communication records, to enable rapid recovery in the event of a ransomware attack.
    • Incident Response Planning: Develop and routinely update comprehensive incident response plans that include coordination with vendors, law enforcement, and cybersecurity experts.
    • Employee Training: Conduct ongoing cybersecurity awareness training to help staff recognize phishing attempts and other common attack vectors that could lead to unauthorized access.
    • System Updates and Patch Management: Ensure all software, including booking and email systems, is regularly updated and patched to minimize vulnerabilities.
    • Network Segmentation: Implement network segmentation to limit the spread of malware within critical infrastructure systems.
    • Engage Law Enforcement Early: Report cyber incidents promptly to appropriate law enforcement agencies to leverage their investigative resources.

    While the full scope and attribution of this ransomware attack remain under investigation, the incident serves as a reminder of the increasing cyber threats faced by law enforcement agencies. Maintaining vigilance and adopting layered cybersecurity defenses are essential steps to protect public safety operations from disruption.

    Sources: WJLE Radio, Ransomware.Live, and Perplexity Research analysis of publicly available information as of March 18, 2026.


    Source: Sheriff’s Department and Jail’s Main Computer Server Hacked – WJLE Radio | Data from Ransomware.live | Generated with AI assistance

  • Cyberattack on Gemeente Epe — March 2026

    On March 14, 2026, the municipality of Epe (Gemeente Epe) in the Netherlands publicly disclosed a significant data breach impacting its information systems. According to an official update from the municipality, approximately 800 gigabytes of data—comprising around 600,000 files—were stolen by professional cybercriminals. The attack was initiated through a sophisticated phishing technique known as ClickFix phishing, which enabled unauthorized access to internal work drives containing sensitive citizen information.

    The breach affected a broad range of files stored on internal network drives, including documents with personal data such as names and addresses. Mayor Tom Horn expressed regret over the incident, emphasizing that both the municipality and its residents had become victims of cybercrime. He confirmed that the municipality promptly reported the breach to the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) and is conducting an ongoing investigation to determine the full scope and specific nature of the compromised data. Due to the volume and variety of files involved, officials have not yet identified all affected individuals but have committed to informing them directly via postal mail once more precise information becomes available.

    The impact of this breach extends beyond data loss; residents are at increased risk of identity misuse or fraud, including potential phishing or other scams leveraging the leaked personal information. The municipality has advised citizens to remain vigilant and referred them to the Autoriteit Persoonsgegevens website for guidance on protecting themselves against misuse of their data.

    From an operational standpoint, the municipality acted swiftly upon discovery of the intrusion on March 12, 2026, collaborating with cybersecurity experts to secure and restore systems. By March 13, normal municipal services—including digital platforms such as MijnEpe and physical offices—were fully operational. The municipality also reassured the public that upcoming municipal elections scheduled for March 18 could proceed safely without disruption from this incident.

    This incident appears to be a data theft and leak rather than a ransomware attack: there has been no public indication of ransom demands or system encryption. The threat actors behind the attack remain unidentified in official communications, and no specific ransomware group has claimed responsibility. The initial access vector was the ClickFix phishing method, a social engineering tactic designed to deceive employees into providing credentials or executing malicious actions that compromise internal networks.

    For organizations seeking to protect themselves against similar attacks, several recommendations emerge from this incident:

    • Employee Awareness and Training: Since phishing was the initial attack vector, regular and comprehensive cybersecurity training is essential to help employees recognize and avoid phishing attempts, including newer variants like ClickFix phishing.
    • Network Segmentation and Access Controls: Limiting access to sensitive data on internal drives based on role and necessity can reduce the potential impact of compromised credentials.
    • Incident Response Preparedness: Establishing clear protocols to quickly detect, isolate, and remediate breaches minimizes downtime and data exposure.
    • Regular Security Assessments: Conducting penetration tests and vulnerability assessments helps identify and address weaknesses before attackers can exploit them.
    • Collaboration with Authorities: Promptly reporting breaches to relevant data protection authorities ensures compliance with legal requirements and supports coordinated responses.

    The Gemeente Epe breach underscores the persistent threat posed by targeted phishing campaigns and the critical importance of robust cybersecurity measures within public sector organizations. As investigations continue, affected residents and organizations alike should remain alert to potential follow-up risks arising from the leaked personal data.

    Sources: Gemeente Epe Official Update, Ransomware.live summary, Perplexity Research analysis


    Source: Update datalek gemeente Epe | Data from Ransomware.live | Generated with AI assistance