Indiana city confirms ransomware hackers behind September incident

Michigan City, Indiana, has confirmed that a damaging cyber incident three weeks ago that impacted government systems was a ransomware attack. 

The Indiana city located on the south shore of Lake Michigan was forced to take many systems offline on September 23 and initially called it a “network disruption.”

On Saturday, the city acknowledged it was hit with a ransomware attack “that affected a portion of the City’s data and impacted municipal employees’ online and telephone access.”

“Mayor Angie Nelson Deuitch informed the Michigan City Common Council on Tuesday that the City’s focus is on safely restoring systems and ensuring critical City operations continue to function,” city officials said in a statement. 

“A forensic investigation remains underway as the External Incident Response Team — comprised of IT professionals from Michigan City and outside agencies — work to determine the full scope and impact of the event. Law enforcement is involved, making the matter an active investigation and limiting what the City can share publicly at this stage.”

Deuitch said the city will continue to provide updates when possible as they work through the recovery and investigative process. 

On Monday, the Obscura ransomware gang took credit for the attack and said they stole 450 gigabytes of data. The group claimed that the time on their ransom had expired and  that they posted all of the data that was taken during the cyberattack. Obscura emerged last month and has since named more than 15 victims.  

Michigan City has a population of more than 30,000 residents. The city did not respond to requests for comment. 

Last year, another municipality in Indiana was forced to file a local disaster declaration after a ransomware attack caused widespread damage to systems used by multiple local government offices.